feat: 切换到自定义翻译页面了

.cnb.yml

@@ -29,7 +29,7 @@ main:
         HF_SPACE_URL: "https://huggingface.co/spaces/ServiceX/PDF"
         HF_SPACE_SECRET_KEY: "BASIC_AUTH_USERS"
         BASIC_AUTH_FILE: "basic_auth_users.txt"
-        HF_EXCLUDE_FILES: ".cnb.yml basic_auth_users.txt scripts"
+        HF_EXCLUDE_FILES: ".cnb.yml basic_auth_users.txt src/scripts"
       stages:
         - name: Update HF Space Secret
           script: |
@@ -40,7 +40,7 @@ main:
             HF_SPACE_URL="${HF_SPACE_URL}" \
             HF_SPACE_SECRET_KEY="${HF_SPACE_SECRET_KEY}" \
             BASIC_AUTH_FILE="${BASIC_AUTH_FILE}" \
-            uvx --from huggingface_hub python scripts/update_space_secret.py
+            uvx --from huggingface_hub python src/scripts/update_space_secret.py
 
         - name: Push Git To Huggingface Spaces
           script: |

Dockerfile

@@ -19,21 +19,21 @@ COPY --from=ghcr.io/astral-sh/uv:latest /uv /usr/local/bin/uv
 
 ENV PATH="/root/.local/bin:${PATH}" \
     PYTHONDONTWRITEBYTECODE=1 \
-    PYTHONUNBUFFERED=1 \
-    GRADIO_SERVER_NAME=127.0.0.1 \
-    GRADIO_SERVER_PORT=7861
+    PYTHONUNBUFFERED=1
 
-# 安装 pdf2zh-next
-RUN uv tool install --python 3.12 pdf2zh-next
-
-# 为网关创建独立 venv 并安装依赖
+# 为网关创建独立 venv 并安装依赖（包含 pdf2zh-next）
 RUN uv venv /opt/gateway --python 3.12 && \
     uv pip install --python /opt/gateway/bin/python \
-        "fastapi>=0.115" "uvicorn[standard]>=0.32" "httpx>=0.28" \
-        python-multipart bcrypt itsdangerous websockets
-
-# 复制网关和启动脚本
-COPY gateway.py /gateway.py
+        "pdf2zh-next" \
+        "fastapi>=0.115" \
+        "uvicorn[standard]>=0.32" \
+        "httpx>=0.28" \
+        "python-multipart" \
+        "bcrypt" \
+        "itsdangerous"
+
+# 复制应用代码和启动脚本
+COPY src /src
 COPY entrypoint.sh /entrypoint.sh
 RUN chmod +x /entrypoint.sh
 

README.md

@@ -9,18 +9,29 @@ pinned: false
 
 ## PDFMathTranslate-next on HuggingFace Spaces
 
-这个仓库用于部署 `pdf2zh_next --gui`，并通过 Caddy BasicAuth 做访问门控。
+这个仓库部署一个单体 FastAPI 服务，包含：
+
+1. 用户登录（Session Cookie）
+2. 自研 Web UI（上传 PDF、查看任务、下载结果）
+3. 任务队列（单 worker）调用 `pdf2zh_next` Python API
+4. 内部 OpenAI 兼容代理：`/internal/openai/v1/chat/completions`
+5. 按登录用户名计费（token + USD）
 
 ### 运行架构
 
-1. `pdf2zh_next --gui` 在容器内监听 `127.0.0.1:7861`
-2. Caddy 监听外部端口 `7860`
-3. 除 `/healthz` 外，所有请求都需要 BasicAuth
-4. 认证通过后，Caddy 反向代理到 `pdf2zh_next`
+1. 用户访问 `:7860` 登录并提交翻译任务
+2. 后台 worker 调用 `pdf2zh_next`，并把 OpenAI 请求发到本机内部代理
+3. 内部代理转发到 OpenAI 官方 API，同时记录 token 用量
+4. 计费按 `username` 聚合，前端展示账单
 
 ### 必需 Secret
 
-在 HuggingFace Space 设置 `BASIC_AUTH_USERS`（多行文本）：
+在 HuggingFace Space 设置：
+
+- `BASIC_AUTH_USERS`（多行文本）
+- `OPENAI_API_KEY`
+
+`BASIC_AUTH_USERS` 格式：
 
 ```text
 alice:your_password_1
@@ -28,22 +39,20 @@ bob:your_password_2
 ```
 
 规则：
+
 - 每行一个账号，格式 `username:password`
 - 空行和 `#` 开头行会被忽略
-- 容器启动时会把明文密码转换为 bcrypt 哈希，仓库不保存真实密码
+- 支持明文密码与 bcrypt 哈希
 
-### CI 同步到 Spaces 的排除策略
+### 可选环境变量
 
-- 本仓库可本地维护密码文件：`basic_auth_users.txt`
-- CNB `push` 分两个阶段：
-  - 阶段 1：读取 `basic_auth_users.txt`，自动更新 Space Secret `BASIC_AUTH_USERS`
-  - 阶段 2：删除排除文件后，强制推送代码到 HuggingFace Spaces
-- 推送前会删除以下文件：
-  - `.cnb.yml`
-  - `basic_auth_users.txt`
-  - `scripts/`
-- 排除列表在 `.cnb.yml` 的 `HF_EXCLUDE_FILES` 中配置（空格分隔）
-- 密钥更新脚本：`scripts/update_space_secret.py`
+- `SESSION_SECRET`：Session 签名密钥
+- `INTERNAL_KEY_SALT`：内部 key 生成盐（默认复用 `SESSION_SECRET`）
+- `DEFAULT_OPENAI_MODEL`：默认模型（默认 `gpt-4o-mini`）
+- `DEFAULT_LANG_IN`：默认源语言（默认 `en`）
+- `DEFAULT_LANG_OUT`：默认目标语言（默认 `zh`）
+- `TRANSLATION_QPS`：翻译 QPS（默认 `4`）
+- `DATA_DIR`：数据目录（默认 `/data`）
 
 ### 健康检查
 
@@ -55,5 +64,19 @@ bob:your_password_2
 docker build -t pdf2zh-gated .
 docker run --rm -p 7860:7860 \
   -e BASIC_AUTH_USERS=$'alice:pass1\nbob:pass2' \
+  -e OPENAI_API_KEY='sk-your-openai-key' \
   pdf2zh-gated
 ```
+
+### CI 同步到 Spaces 的排除策略
+
+- 本仓库可本地维护密码文件：`basic_auth_users.txt`
+- CNB `push` 分两个阶段：
+  - 阶段 1：读取 `basic_auth_users.txt`，自动更新 Space Secret `BASIC_AUTH_USERS`
+  - 阶段 2：删除排除文件后，强制推送代码到 HuggingFace Spaces
+- 推送前会删除以下文件：
+  - `.cnb.yml`
+  - `basic_auth_users.txt`
+  - `src/scripts/`
+- 排除列表在 `.cnb.yml` 的 `HF_EXCLUDE_FILES` 中配置（空格分隔）
+- 密钥更新脚本：`src/scripts/update_space_secret.py`

entrypoint.sh

@@ -1,37 +1,18 @@
 #!/usr/bin/env bash
 set -euo pipefail
 
-# 验证必需的环境变量
 RAW_USERS="${BASIC_AUTH_USERS:-}"
 if [[ -z "${RAW_USERS}" ]]; then
     echo "[ERROR] BASIC_AUTH_USERS is required. Use one 'username:password' per line." >&2
     exit 1
 fi
 
-# 固定内部监听，确保 pdf2zh_next 只能经由网关访问
-export GRADIO_SERVER_NAME="${GRADIO_SERVER_NAME:-127.0.0.1}"
-export GRADIO_SERVER_PORT="${GRADIO_SERVER_PORT:-7861}"
-# 部分 Gradio 应用优先读取 PORT；强制覆盖避免与网关的 7860 冲突
-export PORT="${GRADIO_SERVER_PORT}"
-
-echo "[INFO] Starting pdf2zh_next on ${GRADIO_SERVER_NAME}:${GRADIO_SERVER_PORT}"
-pdf2zh_next --gui --server-port "${GRADIO_SERVER_PORT}" &
-PDF_PID=$!
+if [[ -z "${OPENAI_API_KEY:-}" ]]; then
+    echo "[ERROR] OPENAI_API_KEY is required." >&2
+    exit 1
+fi
 
 echo "[INFO] Starting gateway on :7860"
-cd / && /opt/gateway/bin/uvicorn gateway:app \
-    --host 0.0.0.0 --port 7860 --log-level info &
-GW_PID=$!
-
-cleanup() {
-    kill "${PDF_PID}" "${GW_PID}" 2>/dev/null || true
-}
-trap cleanup INT TERM EXIT
-
-# 任一进程退出都结束容器
-set +e
-wait -n "${PDF_PID}" "${GW_PID}"
-EXIT_CODE=$?
-set -e
-echo "[ERROR] A service exited unexpectedly. Shutting down."
-exit "${EXIT_CODE}"
+cd / && exec /opt/gateway/bin/uvicorn gateway:app \
+    --app-dir /src \
+    --host 0.0.0.0 --port 7860 --workers 1 --log-level info

gateway.py

@@ -1,368 +0,0 @@
-#!/usr/bin/env python3
-"""FastAPI 认证网关：Session 登录 + 反向代理到 pdf2zh_next(:7861)。
-
-架构：用户 → Gateway(:7860) [Session Auth] → pdf2zh_next(:7861)
-"""
-
-import asyncio
-import logging
-import os
-import secrets
-from typing import Optional
-
-import bcrypt
-import httpx
-import websockets
-import websockets.exceptions
-from fastapi import FastAPI, Form, Request, WebSocket
-from fastapi.responses import HTMLResponse, RedirectResponse, Response, StreamingResponse
-from itsdangerous import BadSignature, SignatureExpired, TimestampSigner
-from starlette.background import BackgroundTask
-
-# ── 配置 ──────────────────────────────────────────────────────────────────────
-UPSTREAM_HTTP = "http://127.0.0.1:7861"
-UPSTREAM_WS = "ws://127.0.0.1:7861"
-SESSION_COOKIE = "gw_session"
-SESSION_MAX_AGE = 86400  # 24 小时
-
-SECRET_KEY = os.environ.get("SESSION_SECRET") or secrets.token_hex(32)
-signer = TimestampSigner(SECRET_KEY)
-
-# hop-by-hop headers（不透传给上游或客户端）
-HOP_BY_HOP = frozenset(
-    [
-        "connection",
-        "keep-alive",
-        "proxy-authenticate",
-        "proxy-authorization",
-        "te",
-        "trailers",
-        "transfer-encoding",
-        "upgrade",
-    ]
-)
-
-logging.basicConfig(
-    level=logging.INFO,
-    format="%(asctime)s %(levelname)s %(name)s - %(message)s",
-)
-logger = logging.getLogger("gateway")
-
-
-# ── 用户加载与认证 ────────────────────────────────────────────────────────────
-def _load_users() -> dict[str, str]:
-    """从 BASIC_AUTH_USERS 环境变量加载用户名和明文密码。
-
-    支持格式：每行 `username:password`，支持 \\n 转义的单行形式。
-    """
-    raw = os.environ.get("BASIC_AUTH_USERS", "").replace("\\n", "\n")
-    users: dict[str, str] = {}
-    for line in raw.splitlines():
-        line = line.strip()
-        if not line or line.startswith("#"):
-            continue
-        if ":" not in line:
-            logger.warning("Skipping invalid BASIC_AUTH_USERS line (no colon)")
-            continue
-        username, password = line.split(":", 1)
-        if username and password:
-            users[username] = password
-    if not users:
-        logger.error("No valid users found — authentication will always fail")
-    return users
-
-
-USERS = _load_users()
-
-
-def _verify_credentials(username: str, password: str) -> bool:
-    """验证用户名密码，使用 secrets.compare_digest 防止时序攻击。
-
-    支持明文密码和 bcrypt 哈希（以 $2b$ 开头）。
-    """
-    stored = USERS.get(username)
-    if stored is None:
-        return False
-    if stored.startswith("$2"):
-        # bcrypt 哈希
-        return bcrypt.checkpw(password.encode(), stored.encode())
-    # 明文对比
-    return secrets.compare_digest(stored, password)
-
-
-# ── Session 签名 ──────────────────────────────────────────────────────────────
-def _make_session(username: str) -> str:
-    return signer.sign(username).decode()
-
-
-def _verify_session(token: str) -> Optional[str]:
-    try:
-        return signer.unsign(token, max_age=SESSION_MAX_AGE).decode()
-    except (BadSignature, SignatureExpired):
-        return None
-
-
-def _get_session(request: Request) -> Optional[str]:
-    token = request.cookies.get(SESSION_COOKIE)
-    return _verify_session(token) if token else None
-
-
-# ── 登录页 HTML ───────────────────────────────────────────────────────────────
-_LOGIN_HTML = """\
-<!DOCTYPE html>
-<html lang="en">
-<head>
-<meta charset="UTF-8">
-<meta name="viewport" content="width=device-width, initial-scale=1.0">
-<title>Sign In</title>
-<style>
-  *, *::before, *::after {{ box-sizing: border-box; margin: 0; padding: 0; }}
-  body {{
-    min-height: 100vh;
-    display: flex;
-    align-items: center;
-    justify-content: center;
-    background: linear-gradient(135deg, #f0f2f5 0%, #e4e8f0 100%);
-    font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, sans-serif;
-  }}
-  .card {{
-    background: #fff;
-    border-radius: 14px;
-    box-shadow: 0 6px 32px rgba(0, 0, 0, 0.10);
-    padding: 44px 40px;
-    width: 100%;
-    max-width: 400px;
-  }}
-  h1 {{ font-size: 1.5rem; font-weight: 700; color: #111827; margin-bottom: 6px; }}
-  p.sub {{ font-size: 0.875rem; color: #6b7280; margin-bottom: 30px; }}
-  label {{ display: block; font-size: 0.8rem; font-weight: 600; color: #374151; margin-bottom: 6px; }}
-  input[type=text], input[type=password] {{
-    width: 100%;
-    padding: 11px 14px;
-    border: 1.5px solid #e5e7eb;
-    border-radius: 8px;
-    font-size: 0.95rem;
-    outline: none;
-    transition: border-color 0.15s;
-    margin-bottom: 20px;
-    color: #111827;
-  }}
-  input:focus {{ border-color: #4f6ef7; box-shadow: 0 0 0 3px rgba(79,110,247,0.12); }}
-  button {{
-    width: 100%;
-    padding: 12px;
-    background: linear-gradient(135deg, #4f6ef7 0%, #3b5bdb 100%);
-    color: #fff;
-    border: none;
-    border-radius: 8px;
-    font-size: 1rem;
-    font-weight: 600;
-    cursor: pointer;
-    transition: opacity 0.15s;
-    letter-spacing: 0.01em;
-  }}
-  button:hover {{ opacity: 0.88; }}
-  .error {{
-    background: #fef2f2;
-    border: 1.5px solid #fecaca;
-    border-radius: 8px;
-    padding: 10px 14px;
-    font-size: 0.875rem;
-    color: #dc2626;
-    margin-bottom: 20px;
-  }}
-</style>
-</head>
-<body>
-<div class="card">
-  <h1>Welcome back</h1>
-  <p class="sub">Sign in to continue</p>
-  {error_block}
-  <form method="post" action="/login">
-    <label for="u">Username</label>
-    <input id="u" type="text" name="username" autocomplete="username" required autofocus>
-    <label for="p">Password</label>
-    <input id="p" type="password" name="password" autocomplete="current-password" required>
-    <button type="submit">Sign in</button>
-  </form>
-</div>
-</body>
-</html>
-"""
-
-
-def _login_page(error: str = "") -> str:
-    error_block = f'<div class="error">{error}</div>' if error else ""
-    return _LOGIN_HTML.format(error_block=error_block)
-
-
-# ── FastAPI App ───────────────────────────────────────────────────────────────
-app = FastAPI(docs_url=None, redoc_url=None, openapi_url=None)
-
-_http_client: Optional[httpx.AsyncClient] = None
-
-
-@app.on_event("startup")
-async def _startup() -> None:
-    global _http_client
-    _http_client = httpx.AsyncClient(
-        base_url=UPSTREAM_HTTP,
-        follow_redirects=False,
-        timeout=httpx.Timeout(60.0),
-    )
-    logger.info("Gateway started. Upstream: %s", UPSTREAM_HTTP)
-
-
-@app.on_event("shutdown")
-async def _shutdown() -> None:
-    if _http_client:
-        await _http_client.aclose()
-
-
-# ── 路由：无需认证 ─────────────────────────────────────────────────────────────
-@app.get("/healthz")
-async def healthz() -> Response:
-    return Response("ok", media_type="text/plain")
-
-
-@app.get("/login", response_class=HTMLResponse)
-async def login_page(request: Request) -> HTMLResponse:
-    if _get_session(request):
-        return RedirectResponse("/", status_code=302)
-    return HTMLResponse(_login_page())
-
-
-@app.post("/login")
-async def login(
-    request: Request,
-    username: str = Form(...),
-    password: str = Form(...),
-) -> Response:
-    next_url = request.query_params.get("next", "/")
-    if _verify_credentials(username, password):
-        token = _make_session(username)
-        resp = RedirectResponse(next_url, status_code=303)
-        resp.set_cookie(
-            SESSION_COOKIE,
-            token,
-            max_age=SESSION_MAX_AGE,
-            httponly=True,
-            samesite="lax",
-        )
-        logger.info("Login successful: %s", username)
-        return resp
-    logger.warning("Login failed: %s", username)
-    return HTMLResponse(_login_page("Invalid username or password."), status_code=401)
-
-
-@app.get("/logout")
-async def logout() -> Response:
-    resp = RedirectResponse("/login", status_code=302)
-    resp.delete_cookie(SESSION_COOKIE)
-    return resp
-
-
-# ── 路由：WebSocket 透传（Gradio 依赖） ────────────────────────────────────────
-@app.websocket("/{path:path}")
-async def ws_proxy(websocket: WebSocket, path: str) -> None:
-    """WebSocket 透传：验证 session 后桥接到上游。"""
-    token = websocket.cookies.get(SESSION_COOKIE)
-    if not token or not _verify_session(token):
-        await websocket.close(code=1008)  # Policy Violation
-        return
-
-    await websocket.accept()
-
-    qs = websocket.scope.get("query_string", b"").decode()
-    upstream_url = f"{UPSTREAM_WS}/{path}"
-    if qs:
-        upstream_url += f"?{qs}"
-
-    try:
-        async with websockets.connect(upstream_url) as upstream:
-
-            async def _client_to_upstream() -> None:
-                try:
-                    while True:
-                        data = await websocket.receive()
-                        if data["type"] == "websocket.disconnect":
-                            break
-                        msg = data.get("bytes") or data.get("text")
-                        if msg is not None:
-                            await upstream.send(msg)
-                except Exception:
-                    pass
-                finally:
-                    await upstream.close()
-
-            async def _upstream_to_client() -> None:
-                try:
-                    async for msg in upstream:
-                        if isinstance(msg, bytes):
-                            await websocket.send_bytes(msg)
-                        else:
-                            await websocket.send_text(msg)
-                except Exception:
-                    pass
-
-            tasks = [
-                asyncio.create_task(_client_to_upstream()),
-                asyncio.create_task(_upstream_to_client()),
-            ]
-            _done, pending = await asyncio.wait(tasks, return_when=asyncio.FIRST_COMPLETED)
-            for t in pending:
-                t.cancel()
-
-    except websockets.exceptions.WebSocketException as exc:
-        logger.debug("WS proxy closed: %s", exc)
-    except Exception as exc:
-        logger.debug("WS proxy error: %s", exc)
-
-
-# ── 路由：HTTP 反向代理 ────────────────────────────────────────────────────────
-@app.api_route(
-    "/{path:path}",
-    methods=["GET", "POST", "PUT", "DELETE", "PATCH", "HEAD", "OPTIONS"],
-)
-async def http_proxy(request: Request, path: str) -> Response:
-    """HTTP 反向代理：需要 session，流式转发请求和响应。"""
-    if not _get_session(request):
-        if request.method == "GET":
-            dest = f"/{path}" if path else "/"
-            return RedirectResponse(f"/login?next={dest}", status_code=302)
-        return Response("Unauthorized", status_code=401)
-
-    # 构建上游请求头
-    headers = {
-        k: v
-        for k, v in request.headers.items()
-        if k.lower() not in HOP_BY_HOP and k.lower() != "host"
-    }
-
-    url = f"/{path}"
-    if request.url.query:
-        url += f"?{request.url.query}"
-
-    # 读取请求体（对于大文件可换成流式，但原型够用）
-    body = await request.body()
-
-    upstream_req = _http_client.build_request(
-        request.method,
-        url,
-        headers=headers,
-        content=body,
-    )
-    upstream_resp = await _http_client.send(upstream_req, stream=True)
-
-    resp_headers = {
-        k: v
-        for k, v in upstream_resp.headers.items()
-        if k.lower() not in HOP_BY_HOP
-    }
-
-    return StreamingResponse(
-        upstream_resp.aiter_bytes(),
-        status_code=upstream_resp.status_code,
-        headers=resp_headers,
-        background=BackgroundTask(upstream_resp.aclose),
-    )

src/gateway.py

@@ -0,0 +1,1268 @@
+#!/usr/bin/env python3
+"""FastAPI 应用：登录鉴权、自研 GUI、翻译任务、内部 OpenAI 代理与计费。"""
+
+from __future__ import annotations
+
+import asyncio
+import contextlib
+import html
+import json
+import logging
+import os
+import secrets
+import shutil
+import sqlite3
+import threading
+import uuid
+from datetime import datetime, timezone
+from pathlib import Path
+from typing import Any, Optional
+
+import bcrypt
+import httpx
+from fastapi import Depends, FastAPI, File, Form, HTTPException, Request, UploadFile
+from fastapi.responses import (
+    FileResponse,
+    HTMLResponse,
+    JSONResponse,
+    RedirectResponse,
+    Response,
+)
+from itsdangerous import BadSignature, SignatureExpired, TimestampSigner
+from pdf2zh_next import BasicSettings
+from pdf2zh_next import OpenAISettings
+from pdf2zh_next import PDFSettings
+from pdf2zh_next import SettingsModel
+from pdf2zh_next import TranslationSettings
+from pdf2zh_next.high_level import do_translate_async_stream
+
+# ── 配置 ──────────────────────────────────────────────────────────────────────
+SESSION_COOKIE = "gw_session"
+SESSION_MAX_AGE = 86400  # 24 hours
+
+SECRET_KEY = os.environ.get("SESSION_SECRET") or secrets.token_hex(32)
+signer = TimestampSigner(SECRET_KEY)
+
+DATA_DIR = Path(os.environ.get("DATA_DIR", "/data"))
+UPLOAD_DIR = DATA_DIR / "uploads"
+JOB_DIR = DATA_DIR / "jobs"
+DB_PATH = DATA_DIR / "gateway.db"
+
+INTERNAL_OPENAI_BASE_URL = os.environ.get(
+    "INTERNAL_OPENAI_BASE_URL", "http://127.0.0.1:7860/internal/openai/v1"
+)
+OPENAI_UPSTREAM_CHAT_URL = os.environ.get(
+    "OPENAI_UPSTREAM_CHAT_URL", "https://api.openai.com/v1/chat/completions"
+)
+OPENAI_REAL_API_KEY = os.environ.get("OPENAI_API_KEY", "").strip()
+
+DEFAULT_MODEL = os.environ.get("DEFAULT_OPENAI_MODEL", "gpt-4o-mini").strip()
+DEFAULT_LANG_IN = os.environ.get("DEFAULT_LANG_IN", "en").strip()
+DEFAULT_LANG_OUT = os.environ.get("DEFAULT_LANG_OUT", "zh").strip()
+TRANSLATION_QPS = int(os.environ.get("TRANSLATION_QPS", "4"))
+
+INTERNAL_KEY_SALT = (os.environ.get("INTERNAL_KEY_SALT") or SECRET_KEY).strip()
+
+# 价格单位：USD / 1M tokens
+DEFAULT_INPUT_PRICE_PER_1M = float(
+    os.environ.get("OPENAI_DEFAULT_INPUT_PRICE_PER_1M", "0.15")
+)
+DEFAULT_OUTPUT_PRICE_PER_1M = float(
+    os.environ.get("OPENAI_DEFAULT_OUTPUT_PRICE_PER_1M", "0.60")
+)
+MODEL_PRICES_PER_1M: dict[str, tuple[float, float]] = {
+    "gpt-4o-mini": (0.15, 0.60),
+    "gpt-4.1-mini": (0.40, 1.60),
+    "gpt-4.1": (2.00, 8.00),
+    "gpt-4o": (2.50, 10.00),
+}
+
+LOCALHOSTS = frozenset({"127.0.0.1", "::1", "localhost"})
+
+logging.basicConfig(
+    level=logging.INFO,
+    format="%(asctime)s %(levelname)s %(name)s - %(message)s",
+)
+logger = logging.getLogger("gateway")
+
+
+# ── 用户加载与认证 ────────────────────────────────────────────────────────────
+def _load_users() -> dict[str, str]:
+    """从 BASIC_AUTH_USERS 加载用户名密码。"""
+    raw = os.environ.get("BASIC_AUTH_USERS", "").replace("\\n", "\n")
+    users: dict[str, str] = {}
+    for line in raw.splitlines():
+        line = line.strip()
+        if not line or line.startswith("#"):
+            continue
+        if ":" not in line:
+            logger.warning("Skipping invalid BASIC_AUTH_USERS line (no colon)")
+            continue
+        username, password = line.split(":", 1)
+        username = username.strip()
+        password = password.strip()
+        if username and password:
+            users[username] = password
+    if not users:
+        logger.error("No valid users found — authentication will always fail")
+    return users
+
+
+USERS = _load_users()
+INTERNAL_KEY_NAMESPACE = uuid.uuid5(uuid.NAMESPACE_DNS, INTERNAL_KEY_SALT)
+
+
+def _make_internal_api_key(username: str) -> str:
+    """基于用户名生成稳定内部 Key（仅服务端使用）。"""
+    value = uuid.uuid5(INTERNAL_KEY_NAMESPACE, username)
+    return f"sk-{value}"
+
+
+INTERNAL_KEY_TO_USER = {
+    _make_internal_api_key(username): username for username in USERS.keys()
+}
+
+
+def _verify_credentials(username: str, password: str) -> bool:
+    """验证用户名密码，支持明文与 bcrypt。"""
+    stored = USERS.get(username)
+    if stored is None:
+        return False
+    if stored.startswith("$2"):
+        return bcrypt.checkpw(password.encode(), stored.encode())
+    return secrets.compare_digest(stored, password)
+
+
+# ── Session ──────────────────────────────────────────────────────────────────
+def _make_session(username: str) -> str:
+    return signer.sign(username).decode()
+
+
+def _verify_session(token: str) -> Optional[str]:
+    try:
+        username = signer.unsign(token, max_age=SESSION_MAX_AGE).decode()
+    except (BadSignature, SignatureExpired):
+        return None
+    if username not in USERS:
+        return None
+    return username
+
+
+def _get_session_user(request: Request) -> Optional[str]:
+    token = request.cookies.get(SESSION_COOKIE)
+    return _verify_session(token) if token else None
+
+
+def _require_user(request: Request) -> str:
+    username = _get_session_user(request)
+    if not username:
+        raise HTTPException(status_code=401, detail="Unauthorized")
+    return username
+
+
+# ── 存储层 ───────────────────────────────────────────────────────────────────
+_db_lock = threading.Lock()
+_db_conn: sqlite3.Connection | None = None
+
+
+def _now_iso() -> str:
+    return datetime.now(timezone.utc).isoformat()
+
+
+def _ensure_data_dirs() -> None:
+    UPLOAD_DIR.mkdir(parents=True, exist_ok=True)
+    JOB_DIR.mkdir(parents=True, exist_ok=True)
+
+
+def _init_db() -> None:
+    global _db_conn
+    _ensure_data_dirs()
+    conn = sqlite3.connect(DB_PATH, check_same_thread=False)
+    conn.row_factory = sqlite3.Row
+    with conn:
+        conn.execute(
+            """
+            CREATE TABLE IF NOT EXISTS jobs (
+                id TEXT PRIMARY KEY,
+                username TEXT NOT NULL,
+                filename TEXT NOT NULL,
+                input_path TEXT NOT NULL,
+                output_dir TEXT NOT NULL,
+                status TEXT NOT NULL,
+                progress REAL NOT NULL DEFAULT 0,
+                message TEXT,
+                error TEXT,
+                model TEXT NOT NULL,
+                lang_in TEXT NOT NULL,
+                lang_out TEXT NOT NULL,
+                cancel_requested INTEGER NOT NULL DEFAULT 0,
+                mono_pdf_path TEXT,
+                dual_pdf_path TEXT,
+                glossary_path TEXT,
+                created_at TEXT NOT NULL,
+                updated_at TEXT NOT NULL,
+                started_at TEXT,
+                finished_at TEXT
+            )
+            """
+        )
+        conn.execute(
+            """
+            CREATE TABLE IF NOT EXISTS usage_records (
+                id INTEGER PRIMARY KEY AUTOINCREMENT,
+                username TEXT NOT NULL,
+                job_id TEXT,
+                model TEXT NOT NULL,
+                prompt_tokens INTEGER NOT NULL,
+                completion_tokens INTEGER NOT NULL,
+                total_tokens INTEGER NOT NULL,
+                cost_usd REAL NOT NULL,
+                created_at TEXT NOT NULL
+            )
+            """
+        )
+        conn.execute(
+            """
+            CREATE INDEX IF NOT EXISTS idx_jobs_user_time
+            ON jobs(username, created_at DESC)
+            """
+        )
+        conn.execute(
+            """
+            CREATE INDEX IF NOT EXISTS idx_usage_user_time
+            ON usage_records(username, created_at DESC)
+            """
+        )
+    _db_conn = conn
+
+
+def _db_execute(sql: str, params: tuple[Any, ...] = ()) -> None:
+    if _db_conn is None:
+        raise RuntimeError("DB is not initialized")
+    with _db_lock, _db_conn:
+        _db_conn.execute(sql, params)
+
+
+def _db_fetchone(sql: str, params: tuple[Any, ...] = ()) -> sqlite3.Row | None:
+    if _db_conn is None:
+        raise RuntimeError("DB is not initialized")
+    with _db_lock:
+        return _db_conn.execute(sql, params).fetchone()
+
+
+def _db_fetchall(sql: str, params: tuple[Any, ...] = ()) -> list[sqlite3.Row]:
+    if _db_conn is None:
+        raise RuntimeError("DB is not initialized")
+    with _db_lock:
+        return _db_conn.execute(sql, params).fetchall()
+
+
+def _update_job(job_id: str, **fields: Any) -> None:
+    if not fields:
+        return
+    fields["updated_at"] = _now_iso()
+    set_clause = ", ".join(f"{k} = ?" for k in fields.keys())
+    params = tuple(fields.values()) + (job_id,)
+    _db_execute(f"UPDATE jobs SET {set_clause} WHERE id = ?", params)
+
+
+def _row_to_job_dict(row: sqlite3.Row) -> dict[str, Any]:
+    job = dict(row)
+    job["artifact_urls"] = {
+        "mono": f"/api/jobs/{job['id']}/artifacts/mono"
+        if job.get("mono_pdf_path")
+        else None,
+        "dual": f"/api/jobs/{job['id']}/artifacts/dual"
+        if job.get("dual_pdf_path")
+        else None,
+        "glossary": f"/api/jobs/{job['id']}/artifacts/glossary"
+        if job.get("glossary_path")
+        else None,
+    }
+    return job
+
+
+# ── 任务执行 ───────────────────────────────────────────────────────────────────
+_job_queue: asyncio.Queue[str] = asyncio.Queue()
+_worker_task: asyncio.Task[None] | None = None
+_running_tasks: dict[str, asyncio.Task[None]] = {}
+_active_job_by_user: dict[str, str] = {}
+
+
+def _calc_cost_usd(model: str, prompt_tokens: int, completion_tokens: int) -> float:
+    model_rates = MODEL_PRICES_PER_1M.get(model, None)
+    if model_rates is None:
+        in_rate = DEFAULT_INPUT_PRICE_PER_1M
+        out_rate = DEFAULT_OUTPUT_PRICE_PER_1M
+    else:
+        in_rate, out_rate = model_rates
+
+    cost = (prompt_tokens * in_rate + completion_tokens * out_rate) / 1_000_000.0
+    return round(cost, 8)
+
+
+def _record_usage(
+    *,
+    username: str,
+    job_id: str | None,
+    model: str,
+    prompt_tokens: int,
+    completion_tokens: int,
+    total_tokens: int,
+) -> None:
+    cost_usd = _calc_cost_usd(model, prompt_tokens, completion_tokens)
+    _db_execute(
+        """
+        INSERT INTO usage_records(
+            username, job_id, model,
+            prompt_tokens, completion_tokens, total_tokens,
+            cost_usd, created_at
+        ) VALUES (?, ?, ?, ?, ?, ?, ?, ?)
+        """,
+        (
+            username,
+            job_id,
+            model,
+            prompt_tokens,
+            completion_tokens,
+            total_tokens,
+            cost_usd,
+            _now_iso(),
+        ),
+    )
+
+
+def _build_settings_for_job(row: sqlite3.Row) -> SettingsModel:
+    username = row["username"]
+    internal_key = _make_internal_api_key(username)
+
+    settings = SettingsModel(
+        basic=BasicSettings(debug=False, gui=False),
+        translation=TranslationSettings(
+            lang_in=row["lang_in"],
+            lang_out=row["lang_out"],
+            output=row["output_dir"],
+            qps=TRANSLATION_QPS,
+        ),
+        pdf=PDFSettings(),
+        translate_engine_settings=OpenAISettings(
+            openai_model=row["model"],
+            openai_base_url=INTERNAL_OPENAI_BASE_URL,
+            openai_api_key=internal_key,
+        ),
+    )
+    settings.validate_settings()
+    return settings
+
+
+async def _run_single_job(job_id: str) -> None:
+    row = _db_fetchone("SELECT * FROM jobs WHERE id = ?", (job_id,))
+    if row is None:
+        return
+    if row["status"] != "queued":
+        return
+    if row["cancel_requested"]:
+        _update_job(job_id, status="cancelled", message="Cancelled before start")
+        return
+
+    username = row["username"]
+    _update_job(
+        job_id,
+        status="running",
+        started_at=_now_iso(),
+        message="Translation started",
+        progress=0.0,
+    )
+    _active_job_by_user[username] = job_id
+
+    input_path = Path(row["input_path"])
+    output_dir = Path(row["output_dir"])
+
+    try:
+        settings = _build_settings_for_job(row)
+        async for event in do_translate_async_stream(settings, input_path):
+            event_type = event.get("type")
+            if event_type in {"progress_start", "progress_update", "progress_end"}:
+                progress = float(event.get("overall_progress", 0.0))
+                stage = event.get("stage", "")
+                _update_job(
+                    job_id,
+                    progress=max(0.0, min(100.0, progress)),
+                    message=f"{stage}" if stage else "Running",
+                )
+            elif event_type == "error":
+                error_msg = str(event.get("error", "Unknown translation error"))
+                _update_job(
+                    job_id,
+                    status="failed",
+                    error=error_msg,
+                    message="Translation failed",
+                    finished_at=_now_iso(),
+                )
+                return
+            elif event_type == "finish":
+                result = event.get("translate_result")
+                mono_path = str(getattr(result, "mono_pdf_path", "") or "")
+                dual_path = str(getattr(result, "dual_pdf_path", "") or "")
+                glossary_path = str(
+                    getattr(result, "auto_extracted_glossary_path", "") or ""
+                )
+
+                # 兜底：如果路径为空，尝试在输出目录中扫描常见文件
+                if not mono_path or not dual_path:
+                    files = list(output_dir.glob("*.pdf"))
+                    for file in files:
+                        name = file.name.lower()
+                        if ".mono.pdf" in name and not mono_path:
+                            mono_path = str(file)
+                        elif ".dual.pdf" in name and not dual_path:
+                            dual_path = str(file)
+
+                _update_job(
+                    job_id,
+                    status="succeeded",
+                    progress=100.0,
+                    message="Translation finished",
+                    finished_at=_now_iso(),
+                    mono_pdf_path=mono_path or None,
+                    dual_pdf_path=dual_path or None,
+                    glossary_path=glossary_path or None,
+                )
+                return
+
+        _update_job(
+            job_id,
+            status="failed",
+            error="Translation stream ended unexpectedly",
+            message="Translation failed",
+            finished_at=_now_iso(),
+        )
+    except asyncio.CancelledError:
+        _update_job(
+            job_id,
+            status="cancelled",
+            message="Cancelled by user",
+            finished_at=_now_iso(),
+        )
+        raise
+    except Exception as exc:  # noqa: BLE001
+        logger.exception("Translation job failed: %s", job_id)
+        _update_job(
+            job_id,
+            status="failed",
+            error=str(exc),
+            message="Translation failed",
+            finished_at=_now_iso(),
+        )
+    finally:
+        if _active_job_by_user.get(username) == job_id:
+            _active_job_by_user.pop(username, None)
+
+
+async def _job_worker() -> None:
+    logger.info("Job worker started")
+    while True:
+        job_id = await _job_queue.get()
+        try:
+            task = asyncio.create_task(_run_single_job(job_id), name=f"job-{job_id}")
+            _running_tasks[job_id] = task
+            await task
+        except asyncio.CancelledError:
+            raise
+        except Exception:  # noqa: BLE001
+            logger.exception("Unhandled worker error for job=%s", job_id)
+        finally:
+            _running_tasks.pop(job_id, None)
+            _job_queue.task_done()
+
+
+def _enqueue_pending_jobs() -> None:
+    # 服务重启后，正在运行中的任务标记失败。
+    restart_time = _now_iso()
+    _db_execute(
+        """
+        UPDATE jobs
+        SET status='failed',
+            error='Service restarted while running',
+            message='Failed due to restart',
+            finished_at=?,
+            updated_at=?
+        WHERE status='running'
+        """,
+        (restart_time, restart_time),
+    )
+
+    rows = _db_fetchall(
+        "SELECT id FROM jobs WHERE status='queued' ORDER BY created_at ASC"
+    )
+    for row in rows:
+        _job_queue.put_nowait(row["id"])
+
+
+# ── 页面模板 ───────────────────────────────────────────────────────────────────
+_LOGIN_HTML = """\
+<!DOCTYPE html>
+<html lang="en">
+<head>
+<meta charset="UTF-8">
+<meta name="viewport" content="width=device-width, initial-scale=1.0">
+<title>Sign In</title>
+<style>
+  *, *::before, *::after { box-sizing: border-box; margin: 0; padding: 0; }
+  body {
+    min-height: 100vh;
+    display: flex;
+    align-items: center;
+    justify-content: center;
+    background: linear-gradient(135deg, #f0f2f5 0%, #e4e8f0 100%);
+    font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, sans-serif;
+  }
+  .card {
+    background: #fff;
+    border-radius: 14px;
+    box-shadow: 0 6px 32px rgba(0, 0, 0, 0.10);
+    padding: 44px 40px;
+    width: 100%;
+    max-width: 400px;
+  }
+  h1 { font-size: 1.5rem; font-weight: 700; color: #111827; margin-bottom: 6px; }
+  p.sub { font-size: 0.875rem; color: #6b7280; margin-bottom: 30px; }
+  label { display: block; font-size: 0.8rem; font-weight: 600; color: #374151; margin-bottom: 6px; }
+  input[type=text], input[type=password] {
+    width: 100%;
+    padding: 11px 14px;
+    border: 1.5px solid #e5e7eb;
+    border-radius: 8px;
+    font-size: 0.95rem;
+    outline: none;
+    transition: border-color 0.15s;
+    margin-bottom: 20px;
+    color: #111827;
+  }
+  input:focus { border-color: #4f6ef7; box-shadow: 0 0 0 3px rgba(79,110,247,0.12); }
+  button {
+    width: 100%;
+    padding: 12px;
+    background: linear-gradient(135deg, #4f6ef7 0%, #3b5bdb 100%);
+    color: #fff;
+    border: none;
+    border-radius: 8px;
+    font-size: 1rem;
+    font-weight: 600;
+    cursor: pointer;
+    transition: opacity 0.15s;
+  }
+  button:hover { opacity: 0.88; }
+  .error {
+    background: #fef2f2;
+    border: 1.5px solid #fecaca;
+    border-radius: 8px;
+    padding: 10px 14px;
+    font-size: 0.875rem;
+    color: #dc2626;
+    margin-bottom: 20px;
+  }
+</style>
+</head>
+<body>
+<div class="card">
+  <h1>Welcome back</h1>
+  <p class="sub">Sign in to continue</p>
+  __ERROR_BLOCK__
+  <form method="post" action="/login">
+    <label for="u">Username</label>
+    <input id="u" type="text" name="username" autocomplete="username" required autofocus>
+    <label for="p">Password</label>
+    <input id="p" type="password" name="password" autocomplete="current-password" required>
+    <button type="submit">Sign in</button>
+  </form>
+</div>
+</body>
+</html>
+"""
+
+
+def _login_page(error: str = "") -> str:
+    error_block = f'<div class="error">{html.escape(error)}</div>' if error else ""
+    return _LOGIN_HTML.replace("__ERROR_BLOCK__", error_block)
+
+
+def _dashboard_page(username: str) -> str:
+    safe_user = html.escape(username)
+    safe_model = html.escape(DEFAULT_MODEL)
+    safe_lang_in = html.escape(DEFAULT_LANG_IN)
+    safe_lang_out = html.escape(DEFAULT_LANG_OUT)
+
+    return f"""<!DOCTYPE html>
+<html lang="en">
+<head>
+  <meta charset="UTF-8" />
+  <meta name="viewport" content="width=device-width, initial-scale=1.0" />
+  <title>PDF Translation Console</title>
+  <style>
+    :root {{
+      --bg: #f4f7fb;
+      --card: #ffffff;
+      --ink: #0f172a;
+      --sub: #475569;
+      --line: #dbe3ee;
+      --brand: #0f766e;
+      --brand-dark: #115e59;
+      --danger: #b91c1c;
+    }}
+    * {{ box-sizing: border-box; }}
+    body {{
+      margin: 0;
+      color: var(--ink);
+      background: radial-gradient(circle at 15% -20%, #d5f3ef 0, #f4f7fb 52%);
+      font-family: "Segoe UI", Tahoma, Geneva, Verdana, sans-serif;
+    }}
+    .wrap {{ max-width: 1100px; margin: 24px auto; padding: 0 16px 40px; }}
+    .top {{
+      display: flex;
+      align-items: center;
+      justify-content: space-between;
+      margin-bottom: 16px;
+    }}
+    h1 {{ margin: 0; font-size: 1.5rem; }}
+    .user {{ color: var(--sub); font-size: 0.95rem; }}
+    .grid {{ display: grid; grid-template-columns: 1fr 1fr; gap: 14px; }}
+    .card {{
+      background: var(--card);
+      border: 1px solid var(--line);
+      border-radius: 14px;
+      box-shadow: 0 10px 28px rgba(17, 24, 39, 0.06);
+      padding: 16px;
+    }}
+    .card h2 {{ margin: 0 0 10px; font-size: 1.03rem; }}
+    .row {{ display: grid; grid-template-columns: 1fr 1fr; gap: 10px; }}
+    label {{ display: block; margin: 10px 0 6px; font-size: 0.86rem; color: var(--sub); }}
+    input[type=text], select, input[type=file] {{
+      width: 100%; padding: 10px 12px; border-radius: 8px;
+      border: 1px solid var(--line); background: #fff; color: var(--ink);
+    }}
+    button {{
+      border: none; border-radius: 9px; padding: 10px 14px;
+      font-weight: 600; cursor: pointer;
+    }}
+    .primary {{ background: var(--brand); color: #fff; }}
+    .primary:hover {{ background: var(--brand-dark); }}
+    .muted {{ background: #e2e8f0; color: #0f172a; }}
+    .danger {{ background: #fee2e2; color: var(--danger); }}
+    .hint {{ margin-top: 8px; color: var(--sub); font-size: 0.84rem; }}
+    .status {{ margin-top: 10px; min-height: 22px; font-size: 0.9rem; }}
+    table {{ width: 100%; border-collapse: collapse; margin-top: 8px; font-size: 0.88rem; }}
+    th, td {{ border-bottom: 1px solid var(--line); text-align: left; padding: 8px 6px; }}
+    th {{ color: var(--sub); font-weight: 600; }}
+    .mono {{ font-family: ui-monospace, SFMono-Regular, Menlo, Consolas, monospace; font-size: 0.8rem; }}
+    .actions button {{ margin-right: 6px; margin-bottom: 4px; }}
+    .foot {{ margin-top: 20px; color: var(--sub); font-size: 0.82rem; }}
+    @media (max-width: 900px) {{
+      .grid {{ grid-template-columns: 1fr; }}
+      .row {{ grid-template-columns: 1fr; }}
+    }}
+  </style>
+</head>
+<body>
+<div class="wrap">
+  <div class="top">
+    <div>
+      <h1>PDF Translation Console</h1>
+      <div class="user">Signed in as <strong>{safe_user}</strong></div>
+    </div>
+    <div><a href="/logout"><button class="muted">Sign out</button></a></div>
+  </div>
+
+  <div class="grid">
+    <section class="card">
+      <h2>New Job</h2>
+      <form id="jobForm">
+        <label>PDF File</label>
+        <input name="file" type="file" accept=".pdf" required />
+
+        <div class="row">
+          <div>
+            <label>Source Language</label>
+            <input name="lang_in" type="text" value="{safe_lang_in}" required />
+          </div>
+          <div>
+            <label>Target Language</label>
+            <input name="lang_out" type="text" value="{safe_lang_out}" required />
+          </div>
+        </div>
+
+        <label>OpenAI Model</label>
+        <input name="model" type="text" value="{safe_model}" required />
+
+        <div style="margin-top: 12px;">
+          <button class="primary" type="submit">Submit Job</button>
+        </div>
+      </form>
+      <div class="hint">Billing is based on your login user and OpenAI token usage.</div>
+      <div id="jobStatus" class="status"></div>
+    </section>
+
+    <section class="card">
+      <h2>My Billing</h2>
+      <div id="billingSummary" class="mono">Loading...</div>
+      <table>
+        <thead>
+          <tr>
+            <th>Time (UTC)</th>
+            <th>Model</th>
+            <th>Prompt</th>
+            <th>Completion</th>
+            <th>Total</th>
+            <th>Cost (USD)</th>
+          </tr>
+        </thead>
+        <tbody id="billingBody"></tbody>
+      </table>
+    </section>
+  </div>
+
+  <section class="card" style="margin-top: 14px;">
+    <h2>My Jobs</h2>
+    <table>
+      <thead>
+        <tr>
+          <th>ID</th>
+          <th>File</th>
+          <th>Status</th>
+          <th>Progress</th>
+          <th>Model</th>
+          <th>Updated (UTC)</th>
+          <th>Actions</th>
+        </tr>
+      </thead>
+      <tbody id="jobsBody"></tbody>
+    </table>
+  </section>
+
+  <div class="foot">Internal OpenAI endpoint is localhost-only and not exposed to end users.</div>
+</div>
+
+<script>
+async function apiJson(url, options = undefined) {{
+  const resp = await fetch(url, options);
+  if (!resp.ok) {{
+    const data = await resp.text();
+    throw new Error(data || `HTTP ${{resp.status}}`);
+  }}
+  return resp.json();
+}}
+
+function esc(s) {{
+  return String(s || "").replace(/[&<>"']/g, (c) => ({{
+    '&': '&amp;',
+    '<': '&lt;',
+    '>': '&gt;',
+    '"': '&quot;',
+    "'": '&#39;'
+  }})[c]);
+}}
+
+async function refreshBilling() {{
+  const summary = await apiJson('/api/billing/me');
+  const rows = await apiJson('/api/billing/me/records?limit=20');
+
+  document.getElementById('billingSummary').textContent =
+    `total_tokens=${{summary.total_tokens}} | total_cost_usd=${{Number(summary.total_cost_usd).toFixed(6)}}`;
+
+  const body = document.getElementById('billingBody');
+  body.innerHTML = '';
+  for (const r of rows.records) {{
+    const tr = document.createElement('tr');
+    tr.innerHTML = `
+      <td>${{esc(r.created_at)}}</td>
+      <td class="mono">${{esc(r.model)}}</td>
+      <td>${{r.prompt_tokens}}</td>
+      <td>${{r.completion_tokens}}</td>
+      <td>${{r.total_tokens}}</td>
+      <td>${{Number(r.cost_usd).toFixed(6)}}</td>
+    `;
+    body.appendChild(tr);
+  }}
+}}
+
+function actionButtons(job) {{
+  const actions = [];
+  if (job.status === 'queued' || job.status === 'running') {{
+    actions.push(`<button class="danger" onclick="cancelJob('${{job.id}}')">Cancel</button>`);
+  }}
+  if (job.artifact_urls?.mono) {{
+    actions.push(`<a href="${{job.artifact_urls.mono}}"><button class="muted">Mono</button></a>`);
+  }}
+  if (job.artifact_urls?.dual) {{
+    actions.push(`<a href="${{job.artifact_urls.dual}}"><button class="muted">Dual</button></a>`);
+  }}
+  if (job.artifact_urls?.glossary) {{
+    actions.push(`<a href="${{job.artifact_urls.glossary}}"><button class="muted">Glossary</button></a>`);
+  }}
+  return actions.join(' ');
+}}
+
+async function refreshJobs() {{
+  const data = await apiJson('/api/jobs?limit=50');
+  const body = document.getElementById('jobsBody');
+  body.innerHTML = '';
+
+  for (const job of data.jobs) {{
+    const tr = document.createElement('tr');
+    tr.innerHTML = `
+      <td class="mono">${{esc(job.id)}}</td>
+      <td>${{esc(job.filename)}}</td>
+      <td>${{esc(job.status)}}${{job.error ? ' / ' + esc(job.error) : ''}}</td>
+      <td>${{Number(job.progress).toFixed(1)}}%</td>
+      <td class="mono">${{esc(job.model)}}</td>
+      <td class="mono">${{esc(job.updated_at)}}</td>
+      <td class="actions">${{actionButtons(job)}}</td>
+    `;
+    body.appendChild(tr);
+  }}
+}}
+
+async function cancelJob(jobId) {{
+  try {{
+    await apiJson(`/api/jobs/${{jobId}}/cancel`, {{ method: 'POST' }});
+    await refreshJobs();
+  }} catch (err) {{
+    alert(`Cancel failed: ${{err.message}}`);
+  }}
+}}
+
+document.getElementById('jobForm').addEventListener('submit', async (event) => {{
+  event.preventDefault();
+  const status = document.getElementById('jobStatus');
+  status.textContent = 'Submitting...';
+
+  const formData = new FormData(event.target);
+  try {{
+    const created = await apiJson('/api/jobs', {{ method: 'POST', body: formData }});
+    status.textContent = `Job queued: ${{created.job.id}}`;
+    event.target.reset();
+    await refreshJobs();
+  }} catch (err) {{
+    status.textContent = `Submit failed: ${{err.message}}`;
+  }}
+}});
+
+async function refreshAll() {{
+  await Promise.all([refreshJobs(), refreshBilling()]);
+}}
+
+refreshAll();
+setInterval(refreshAll, 3000);
+</script>
+</body>
+</html>
+"""
+
+
+# ── FastAPI App ───────────────────────────────────────────────────────────────
+app = FastAPI(docs_url=None, redoc_url=None, openapi_url=None)
+_http_client: httpx.AsyncClient | None = None
+
+
+@app.on_event("startup")
+async def _startup() -> None:
+    global _http_client, _worker_task
+
+    _init_db()
+    _enqueue_pending_jobs()
+
+    _http_client = httpx.AsyncClient(timeout=httpx.Timeout(180.0))
+    _worker_task = asyncio.create_task(_job_worker(), name="job-worker")
+
+    if not OPENAI_REAL_API_KEY:
+        logger.warning("OPENAI_API_KEY is empty, translation jobs will fail")
+
+    logger.info("Gateway started. Data dir: %s", DATA_DIR)
+
+
+@app.on_event("shutdown")
+async def _shutdown() -> None:
+    global _worker_task, _http_client
+
+    if _worker_task:
+        _worker_task.cancel()
+        with contextlib.suppress(asyncio.CancelledError):
+            await _worker_task
+        _worker_task = None
+
+    for task in list(_running_tasks.values()):
+        task.cancel()
+
+    if _http_client:
+        await _http_client.aclose()
+        _http_client = None
+
+    if _db_conn:
+        _db_conn.close()
+
+
+# ── 路由：基础与认证 ───────────────────────────────────────────────────────────
+@app.get("/healthz")
+async def healthz() -> Response:
+    return Response("ok", media_type="text/plain")
+
+
+@app.get("/login", response_class=HTMLResponse)
+async def login_page(request: Request) -> HTMLResponse:
+    if _get_session_user(request):
+        return RedirectResponse("/", status_code=302)
+    return HTMLResponse(_login_page())
+
+
+@app.post("/login")
+async def login(
+    request: Request,
+    username: str = Form(...),
+    password: str = Form(...),
+) -> Response:
+    next_url = request.query_params.get("next", "/")
+    if _verify_credentials(username, password):
+        token = _make_session(username)
+        resp = RedirectResponse(next_url, status_code=303)
+        resp.set_cookie(
+            SESSION_COOKIE,
+            token,
+            max_age=SESSION_MAX_AGE,
+            httponly=True,
+            samesite="lax",
+        )
+        logger.info("Login successful: %s", username)
+        return resp
+
+    logger.warning("Login failed: %s", username)
+    return HTMLResponse(_login_page("Invalid username or password."), status_code=401)
+
+
+@app.get("/logout")
+async def logout() -> Response:
+    resp = RedirectResponse("/login", status_code=302)
+    resp.delete_cookie(SESSION_COOKIE)
+    return resp
+
+
+@app.get("/", response_class=HTMLResponse)
+async def index(request: Request) -> Response:
+    username = _get_session_user(request)
+    if not username:
+        return RedirectResponse("/login", status_code=302)
+    return HTMLResponse(_dashboard_page(username))
+
+
+# ── 路由：任务 API ─────────────────────────────────────────────────────────────
+@app.get("/api/me")
+async def api_me(username: str = Depends(_require_user)) -> dict[str, str]:
+    return {"username": username}
+
+
+@app.get("/api/jobs")
+async def api_list_jobs(
+    limit: int = 50,
+    username: str = Depends(_require_user),
+) -> dict[str, Any]:
+    limit = max(1, min(limit, 200))
+    rows = _db_fetchall(
+        """
+        SELECT * FROM jobs
+        WHERE username = ?
+        ORDER BY created_at DESC
+        LIMIT ?
+        """,
+        (username, limit),
+    )
+    return {"jobs": [_row_to_job_dict(row) for row in rows]}
+
+
+@app.get("/api/jobs/{job_id}")
+async def api_get_job(job_id: str, username: str = Depends(_require_user)) -> dict[str, Any]:
+    row = _db_fetchone(
+        "SELECT * FROM jobs WHERE id = ? AND username = ?",
+        (job_id, username),
+    )
+    if row is None:
+        raise HTTPException(status_code=404, detail="Job not found")
+    return {"job": _row_to_job_dict(row)}
+
+
+@app.post("/api/jobs")
+async def api_create_job(
+    file: UploadFile = File(...),
+    lang_in: str = Form(DEFAULT_LANG_IN),
+    lang_out: str = Form(DEFAULT_LANG_OUT),
+    model: str = Form(DEFAULT_MODEL),
+    username: str = Depends(_require_user),
+) -> dict[str, Any]:
+    filename = file.filename or "input.pdf"
+    if not filename.lower().endswith(".pdf"):
+        raise HTTPException(status_code=400, detail="Only PDF file is allowed")
+
+    if not model.strip():
+        raise HTTPException(status_code=400, detail="Model is required")
+
+    job_id = uuid.uuid4().hex
+    safe_filename = Path(filename).name
+    input_path = (UPLOAD_DIR / f"{job_id}.pdf").resolve()
+    output_dir = (JOB_DIR / job_id).resolve()
+    output_dir.mkdir(parents=True, exist_ok=True)
+
+    try:
+        with input_path.open("wb") as f:
+            shutil.copyfileobj(file.file, f)
+    finally:
+        await file.close()
+
+    now = _now_iso()
+    _db_execute(
+        """
+        INSERT INTO jobs(
+            id, username, filename, input_path, output_dir,
+            status, progress, message, error,
+            model, lang_in, lang_out,
+            cancel_requested,
+            created_at, updated_at
+        ) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
+        """,
+        (
+            job_id,
+            username,
+            safe_filename,
+            str(input_path),
+            str(output_dir),
+            "queued",
+            0.0,
+            "Queued",
+            None,
+            model.strip(),
+            lang_in.strip() or DEFAULT_LANG_IN,
+            lang_out.strip() or DEFAULT_LANG_OUT,
+            0,
+            now,
+            now,
+        ),
+    )
+
+    await _job_queue.put(job_id)
+    row = _db_fetchone("SELECT * FROM jobs WHERE id = ?", (job_id,))
+    return {"job": _row_to_job_dict(row)}
+
+
+@app.post("/api/jobs/{job_id}/cancel")
+async def api_cancel_job(
+    job_id: str,
+    username: str = Depends(_require_user),
+) -> dict[str, Any]:
+    row = _db_fetchone(
+        "SELECT * FROM jobs WHERE id = ? AND username = ?",
+        (job_id, username),
+    )
+    if row is None:
+        raise HTTPException(status_code=404, detail="Job not found")
+
+    status = row["status"]
+    if status in {"succeeded", "failed", "cancelled"}:
+        return {"status": status, "message": "Job already finished"}
+
+    _update_job(job_id, cancel_requested=1, message="Cancel requested")
+    if status == "queued":
+        _update_job(job_id, status="cancelled", finished_at=_now_iso(), progress=0.0)
+        return {"status": "cancelled", "message": "Job cancelled"}
+
+    task = _running_tasks.get(job_id)
+    if task:
+        task.cancel()
+
+    return {"status": "cancelling", "message": "Cancellation requested"}
+
+
+def _resolve_artifact_path(raw_path: str | None, output_dir: Path) -> Path | None:
+    if not raw_path:
+        return None
+    path = Path(raw_path)
+    if not path.is_absolute():
+        path = (output_dir / path).resolve()
+    else:
+        path = path.resolve()
+
+    if not path.exists():
+        return None
+
+    try:
+        path.relative_to(output_dir)
+    except ValueError:
+        return None
+    return path
+
+
+@app.get("/api/jobs/{job_id}/artifacts/{artifact_type}")
+async def api_download_artifact(
+    job_id: str,
+    artifact_type: str,
+    username: str = Depends(_require_user),
+) -> Response:
+    row = _db_fetchone(
+        "SELECT * FROM jobs WHERE id = ? AND username = ?",
+        (job_id, username),
+    )
+    if row is None:
+        raise HTTPException(status_code=404, detail="Job not found")
+
+    col_map = {
+        "mono": "mono_pdf_path",
+        "dual": "dual_pdf_path",
+        "glossary": "glossary_path",
+    }
+    column = col_map.get(artifact_type)
+    if column is None:
+        raise HTTPException(status_code=404, detail="Unknown artifact")
+
+    output_dir = Path(row["output_dir"]).resolve()
+    path = _resolve_artifact_path(row[column], output_dir)
+    if path is None:
+        raise HTTPException(status_code=404, detail="Artifact not found")
+
+    return FileResponse(path)
+
+
+# ── 路由：计费 API ─────────────────────────────────────────────────────────────
+@app.get("/api/billing/me")
+async def api_billing_summary(username: str = Depends(_require_user)) -> dict[str, Any]:
+    row = _db_fetchone(
+        """
+        SELECT
+            COALESCE(SUM(prompt_tokens), 0) AS prompt_tokens,
+            COALESCE(SUM(completion_tokens), 0) AS completion_tokens,
+            COALESCE(SUM(total_tokens), 0) AS total_tokens,
+            COALESCE(SUM(cost_usd), 0) AS total_cost_usd
+        FROM usage_records
+        WHERE username = ?
+        """,
+        (username,),
+    )
+    return {
+        "username": username,
+        "prompt_tokens": row["prompt_tokens"],
+        "completion_tokens": row["completion_tokens"],
+        "total_tokens": row["total_tokens"],
+        "total_cost_usd": round(float(row["total_cost_usd"]), 8),
+    }
+
+
+@app.get("/api/billing/me/records")
+async def api_billing_records(
+    limit: int = 50,
+    username: str = Depends(_require_user),
+) -> dict[str, Any]:
+    limit = max(1, min(limit, 200))
+    rows = _db_fetchall(
+        """
+        SELECT
+            id, username, job_id, model,
+            prompt_tokens, completion_tokens, total_tokens,
+            cost_usd, created_at
+        FROM usage_records
+        WHERE username = ?
+        ORDER BY created_at DESC
+        LIMIT ?
+        """,
+        (username, limit),
+    )
+    return {
+        "records": [dict(row) for row in rows],
+    }
+
+
+# ── 路由：内部 OpenAI 兼容接口 ────────────────────────────────────────────────
+def _extract_bearer_token(request: Request) -> str:
+    header = request.headers.get("authorization", "")
+    if not header.lower().startswith("bearer "):
+        raise HTTPException(status_code=401, detail="Missing bearer token")
+    token = header[7:].strip()
+    if not token:
+        raise HTTPException(status_code=401, detail="Missing bearer token")
+    return token
+
+
+def _require_localhost(request: Request) -> None:
+    client = request.client
+    host = client.host if client else ""
+    if host not in LOCALHOSTS:
+        raise HTTPException(status_code=403, detail="Internal endpoint only")
+
+
+@app.post("/internal/openai/v1/chat/completions")
+async def internal_openai_chat_completions(request: Request) -> Response:
+    _require_localhost(request)
+    token = _extract_bearer_token(request)
+
+    username = INTERNAL_KEY_TO_USER.get(token)
+    if not username:
+        raise HTTPException(status_code=401, detail="Invalid internal API key")
+
+    if not OPENAI_REAL_API_KEY:
+        raise HTTPException(status_code=500, detail="OPENAI_API_KEY is not configured")
+
+    try:
+        payload = await request.json()
+    except json.JSONDecodeError as exc:
+        raise HTTPException(status_code=400, detail=f"Invalid JSON body: {exc}") from exc
+
+    if payload.get("stream"):
+        raise HTTPException(status_code=400, detail="stream=true is not supported")
+
+    if _http_client is None:
+        raise HTTPException(status_code=500, detail="HTTP client is not ready")
+
+    headers = {
+        "Authorization": f"Bearer {OPENAI_REAL_API_KEY}",
+        "Content-Type": "application/json",
+    }
+
+    try:
+        upstream = await _http_client.post(
+            OPENAI_UPSTREAM_CHAT_URL,
+            headers=headers,
+            json=payload,
+        )
+    except httpx.HTTPError as exc:
+        logger.error("Upstream OpenAI call failed: %s", exc)
+        raise HTTPException(status_code=502, detail="Upstream OpenAI request failed") from exc
+
+    content_type = upstream.headers.get("content-type", "")
+
+    response_json: dict[str, Any] | None = None
+    if "application/json" in content_type.lower():
+        try:
+            response_json = upstream.json()
+        except Exception:  # noqa: BLE001
+            response_json = None
+
+    if upstream.status_code < 400 and response_json is not None:
+        usage = response_json.get("usage") or {}
+        prompt_tokens = int(usage.get("prompt_tokens") or 0)
+        completion_tokens = int(usage.get("completion_tokens") or 0)
+        total_tokens = int(usage.get("total_tokens") or (prompt_tokens + completion_tokens))
+
+        model = str(response_json.get("model") or payload.get("model") or "unknown")
+        job_id = _active_job_by_user.get(username)
+
+        _record_usage(
+            username=username,
+            job_id=job_id,
+            model=model,
+            prompt_tokens=prompt_tokens,
+            completion_tokens=completion_tokens,
+            total_tokens=total_tokens,
+        )
+
+    if response_json is not None:
+        return JSONResponse(response_json, status_code=upstream.status_code)
+
+    return Response(
+        content=upstream.content,
+        status_code=upstream.status_code,
+        media_type=content_type or None,
+    )