Upload 224 files

.env.example

@@ -37,6 +37,17 @@ CLAUDE_BETA_HEADER=claude-code-20250219,oauth-2025-04-20,interleaved-thinking-20
 # 启用529错误处理，0表示禁用，>0表示过载状态持续时间（分钟）
 CLAUDE_OVERLOAD_HANDLING_MINUTES=0
 
+# 400错误处理：0表示禁用，>0表示临时禁用时间（分钟）
+# 只有匹配特定错误模式的 400 才会触发临时禁用
+#  - organization has been disabled
+#  - account has been disabled
+#  - account is disabled
+#  - no account supporting
+#  - account not found
+#  - invalid account
+#  - Too many active sessions
+CLAUDE_CONSOLE_BLOCKED_HANDLING_MINUTES=10
+
 # 🌐 代理配置
 DEFAULT_PROXY_TIMEOUT=600000
 MAX_PROXY_RETRIES=3

VERSION

@@ -1 +1 @@
-1.1.179
+1.1.181

src/routes/admin.js

@@ -3624,8 +3624,8 @@ router.post('/bedrock-accounts', authenticateAdmin, async (req, res) => {
     }
 
     logger.success(`☁️ Admin created Bedrock account: ${name}`)
-    const formattedAccount = formatAccountExpiry(formattedAccount)
-    return res.json({ success: true, data: result.data })
+    const formattedAccount = formatAccountExpiry(result.data)
+    return res.json({ success: true, data: formattedAccount })
   } catch (error) {
     logger.error('❌ Failed to create Bedrock account:', error)
     return res
@@ -4078,8 +4078,8 @@ router.post('/gemini-accounts', authenticateAdmin, async (req, res) => {
     }
 
     logger.success(`🏢 Admin created new Gemini account: ${accountData.name}`)
-    const formattedAccount = formatAccountExpiry(formattedAccount)
-    return res.json({ success: true, data: newAccount })
+    const formattedAccount = formatAccountExpiry(newAccount)
+    return res.json({ success: true, data: formattedAccount })
   } catch (error) {
     logger.error('❌ Failed to create Gemini account:', error)
     return res.status(500).json({ error: 'Failed to create account', message: error.message })
@@ -5736,7 +5736,7 @@ router.get('/account-usage-trend', authenticateAdmin, async (req, res) => {
   try {
     const { granularity = 'day', group = 'claude', days = 7, startDate, endDate } = req.query
 
-    const allowedGroups = ['claude', 'openai', 'gemini']
+    const allowedGroups = ['claude', 'openai', 'gemini', 'droid']
     if (!allowedGroups.includes(group)) {
       return res.status(400).json({
         success: false,
@@ -5747,7 +5747,8 @@ router.get('/account-usage-trend', authenticateAdmin, async (req, res) => {
     const groupLabels = {
       claude: 'Claude账户',
       openai: 'OpenAI账户',
-      gemini: 'Gemini账户'
+      gemini: 'Gemini账户',
+      droid: 'Droid账户'
     }
 
     // 拉取各平台账号列表
@@ -5815,6 +5816,17 @@ router.get('/account-usage-trend', authenticateAdmin, async (req, res) => {
           platform: 'gemini'
         }
       })
+    } else if (group === 'droid') {
+      const droidAccounts = await droidAccountService.getAllAccounts()
+      accounts = droidAccounts.map((account) => {
+        const id = String(account.id || '')
+        const shortId = id ? id.slice(0, 8) : '未知'
+        return {
+          id,
+          name: account.name || account.ownerEmail || account.ownerName || `Droid账号 ${shortId}`,
+          platform: 'droid'
+        }
+      })
     }
 
     if (!accounts || accounts.length === 0) {
@@ -7171,6 +7183,7 @@ router.post('/openai-accounts/exchange-code', authenticateAdmin, async (req, res
     // 配置代理（如果有）
     const proxyAgent = ProxyHelper.createProxyAgent(sessionData.proxy)
     if (proxyAgent) {
+      axiosConfig.httpAgent = proxyAgent
       axiosConfig.httpsAgent = proxyAgent
       axiosConfig.proxy = false
     }

src/routes/api.js

@@ -11,6 +11,7 @@ const logger = require('../utils/logger')
 const { getEffectiveModel, parseVendorPrefixedModel } = require('../utils/modelHelper')
 const sessionHelper = require('../utils/sessionHelper')
 const { updateRateLimitCounters } = require('../utils/rateLimitHelper')
+const { sanitizeUpstreamError } = require('../utils/errorSanitizer')
 const router = express.Router()
 
 function queueRateLimitUpdate(rateLimitInfo, usageSummary, model, context = '') {
@@ -947,7 +948,13 @@ router.post('/v1/messages/count_tokens', authenticateApiKey, async (req, res) =>
     // 尝试解析并返回JSON响应
     try {
       const jsonData = JSON.parse(response.body)
-      res.json(jsonData)
+      // 对于非 2xx 响应，清理供应商特定信息
+      if (response.statusCode < 200 || response.statusCode >= 300) {
+        const sanitizedData = sanitizeUpstreamError(jsonData)
+        res.json(sanitizedData)
+      } else {
+        res.json(jsonData)
+      }
     } catch (parseError) {
       res.send(response.body)
     }

src/routes/openaiRoutes.js

@@ -332,6 +332,7 @@ const handleResponses = async (req, res) => {
 
     // 如果有代理，添加代理配置
     if (proxyAgent) {
+      axiosConfig.httpAgent = proxyAgent
       axiosConfig.httpsAgent = proxyAgent
       axiosConfig.proxy = false
       logger.info(`🌐 Using proxy for OpenAI request: ${ProxyHelper.getProxyDescription(proxy)}`)

src/routes/standardGeminiRoutes.js

@@ -44,6 +44,90 @@ function ensureGeminiPermissionMiddleware(req, res, next) {
   return undefined
 }
 
+// 判断对象是否为可读流
+function isReadableStream(value) {
+  return value && typeof value.on === 'function' && typeof value.pipe === 'function'
+}
+
+// 读取可读流内容为字符串
+async function readStreamToString(stream) {
+  return new Promise((resolve, reject) => {
+    let result = ''
+
+    try {
+      if (typeof stream.setEncoding === 'function') {
+        stream.setEncoding('utf8')
+      }
+    } catch (error) {
+      logger.warn('设置流编码失败:', error)
+    }
+
+    stream.on('data', (chunk) => {
+      result += chunk
+    })
+
+    stream.on('end', () => {
+      resolve(result)
+    })
+
+    stream.on('error', (error) => {
+      reject(error)
+    })
+  })
+}
+
+// 规范化上游 Axios 错误信息
+async function normalizeAxiosStreamError(error) {
+  const status = error.response?.status
+  const statusText = error.response?.statusText
+  const responseData = error.response?.data
+  let rawBody = null
+  let parsedBody = null
+
+  if (responseData) {
+    try {
+      if (isReadableStream(responseData)) {
+        rawBody = await readStreamToString(responseData)
+      } else if (Buffer.isBuffer(responseData)) {
+        rawBody = responseData.toString('utf8')
+      } else if (typeof responseData === 'string') {
+        rawBody = responseData
+      } else {
+        rawBody = JSON.stringify(responseData)
+      }
+    } catch (streamError) {
+      logger.warn('读取 Gemini 上游错误流失败:', streamError)
+    }
+  }
+
+  if (rawBody) {
+    if (typeof rawBody === 'string') {
+      try {
+        parsedBody = JSON.parse(rawBody)
+      } catch (parseError) {
+        parsedBody = rawBody
+      }
+    } else {
+      parsedBody = rawBody
+    }
+  }
+
+  let finalMessage = error.message || 'Internal server error'
+  if (parsedBody && typeof parsedBody === 'object') {
+    finalMessage = parsedBody.error?.message || parsedBody.message || finalMessage
+  } else if (typeof parsedBody === 'string' && parsedBody.trim()) {
+    finalMessage = parsedBody.trim()
+  }
+
+  return {
+    status,
+    statusText,
+    message: finalMessage,
+    parsedBody,
+    rawBody
+  }
+}
+
 // 标准 Gemini API 路由处理器
 // 这些路由将挂载在 /gemini 路径下，处理标准 Gemini API 格式的请求
 // 标准格式: /gemini/v1beta/models/{model}:generateContent
@@ -552,21 +636,38 @@ async function handleStandardStreamGenerateContent(req, res) {
       }
     })
   } catch (error) {
+    const normalizedError = await normalizeAxiosStreamError(error)
+
     logger.error(`Error in standard streamGenerateContent endpoint`, {
       message: error.message,
       status: error.response?.status,
       statusText: error.response?.statusText,
-      responseData: error.response?.data,
+      responseData: normalizedError.parsedBody || normalizedError.rawBody,
       stack: error.stack
     })
 
     if (!res.headersSent) {
-      res.status(500).json({
+      const statusCode = normalizedError.status || 500
+      const responseBody = {
         error: {
-          message: error.message || 'Internal server error',
+          message: normalizedError.message,
           type: 'api_error'
         }
-      })
+      }
+
+      if (normalizedError.status) {
+        responseBody.error.upstreamStatus = normalizedError.status
+      }
+      if (normalizedError.statusText) {
+        responseBody.error.upstreamStatusText = normalizedError.statusText
+      }
+      if (normalizedError.parsedBody && typeof normalizedError.parsedBody === 'object') {
+        responseBody.error.upstreamResponse = normalizedError.parsedBody
+      } else if (normalizedError.rawBody) {
+        responseBody.error.upstreamRaw = normalizedError.rawBody
+      }
+
+      return res.status(statusCode).json(responseBody)
     }
   } finally {
     // 清理资源

src/services/apiKeyService.js

@@ -4,6 +4,63 @@ const config = require('../../config/config')
 const redis = require('../models/redis')
 const logger = require('../utils/logger')
 
+const ACCOUNT_TYPE_CONFIG = {
+  claude: { prefix: 'claude:account:' },
+  'claude-console': { prefix: 'claude_console_account:' },
+  openai: { prefix: 'openai:account:' },
+  'openai-responses': { prefix: 'openai_responses_account:' },
+  'azure-openai': { prefix: 'azure_openai:account:' },
+  gemini: { prefix: 'gemini_account:' },
+  droid: { prefix: 'droid:account:' }
+}
+
+const ACCOUNT_TYPE_PRIORITY = [
+  'openai',
+  'openai-responses',
+  'azure-openai',
+  'claude',
+  'claude-console',
+  'gemini',
+  'droid'
+]
+
+const ACCOUNT_CATEGORY_MAP = {
+  claude: 'claude',
+  'claude-console': 'claude',
+  openai: 'openai',
+  'openai-responses': 'openai',
+  'azure-openai': 'openai',
+  gemini: 'gemini',
+  droid: 'droid'
+}
+
+function normalizeAccountTypeKey(type) {
+  if (!type) {
+    return null
+  }
+  const lower = String(type).toLowerCase()
+  if (lower === 'claude_console') {
+    return 'claude-console'
+  }
+  if (lower === 'openai_responses' || lower === 'openai-response' || lower === 'openai-responses') {
+    return 'openai-responses'
+  }
+  if (lower === 'azure_openai' || lower === 'azureopenai' || lower === 'azure-openai') {
+    return 'azure-openai'
+  }
+  return lower
+}
+
+function sanitizeAccountIdForType(accountId, accountType) {
+  if (!accountId || typeof accountId !== 'string') {
+    return accountId
+  }
+  if (accountType === 'openai-responses') {
+    return accountId.replace(/^responses:/, '')
+  }
+  return accountId
+}
+
 class ApiKeyService {
   constructor() {
     this.prefix = config.security.apiKeyPrefix
@@ -418,6 +475,7 @@ class ApiKeyService {
     try {
       let apiKeys = await redis.getAllApiKeys()
       const client = redis.getClientSafe()
+      const accountInfoCache = new Map()
 
       // 默认过滤掉已删除的API Keys
       if (!includeDeleted) {
@@ -524,6 +582,48 @@ class ApiKeyService {
         if (Object.prototype.hasOwnProperty.call(key, 'ccrAccountId')) {
           delete key.ccrAccountId
         }
+
+        let lastUsageRecord = null
+        try {
+          const usageRecords = await redis.getUsageRecords(key.id, 1)
+          if (Array.isArray(usageRecords) && usageRecords.length > 0) {
+            lastUsageRecord = usageRecords[0]
+          }
+        } catch (error) {
+          logger.debug(`加载 API Key ${key.id} 的使用记录失败:`, error)
+        }
+
+        if (lastUsageRecord && (lastUsageRecord.accountId || lastUsageRecord.accountType)) {
+          const resolvedAccount = await this._resolveLastUsageAccount(
+            key,
+            lastUsageRecord,
+            accountInfoCache,
+            client
+          )
+
+          if (resolvedAccount) {
+            key.lastUsage = {
+              accountId: resolvedAccount.accountId,
+              rawAccountId: lastUsageRecord.accountId || resolvedAccount.accountId,
+              accountType: resolvedAccount.accountType,
+              accountCategory: resolvedAccount.accountCategory,
+              accountName: resolvedAccount.accountName,
+              recordedAt: lastUsageRecord.timestamp || key.lastUsedAt || null
+            }
+          } else {
+            key.lastUsage = {
+              accountId: null,
+              rawAccountId: lastUsageRecord.accountId || null,
+              accountType: 'deleted',
+              accountCategory: 'deleted',
+              accountName: '已删除',
+              recordedAt: lastUsageRecord.timestamp || key.lastUsedAt || null
+            }
+          }
+        } else {
+          key.lastUsage = null
+        }
+
         delete key.apiKey // 不返回哈希后的key
       }
 
@@ -1161,6 +1261,129 @@ class ApiKeyService {
     }
   }
 
+  async _fetchAccountInfo(accountId, accountType, cache, client) {
+    if (!client || !accountId || !accountType) {
+      return null
+    }
+
+    const cacheKey = `${accountType}:${accountId}`
+    if (cache.has(cacheKey)) {
+      return cache.get(cacheKey)
+    }
+
+    const accountConfig = ACCOUNT_TYPE_CONFIG[accountType]
+    if (!accountConfig) {
+      cache.set(cacheKey, null)
+      return null
+    }
+
+    const redisKey = `${accountConfig.prefix}${accountId}`
+    let accountData = null
+    try {
+      accountData = await client.hgetall(redisKey)
+    } catch (error) {
+      logger.debug(`加载账号信息失败 ${redisKey}:`, error)
+    }
+
+    if (accountData && Object.keys(accountData).length > 0) {
+      const displayName =
+        accountData.name ||
+        accountData.displayName ||
+        accountData.email ||
+        accountData.username ||
+        accountData.description ||
+        accountId
+
+      const info = { id: accountId, name: displayName }
+      cache.set(cacheKey, info)
+      return info
+    }
+
+    cache.set(cacheKey, null)
+    return null
+  }
+
+  async _resolveAccountByUsageRecord(usageRecord, cache, client) {
+    if (!usageRecord || !client) {
+      return null
+    }
+
+    const rawAccountId = usageRecord.accountId || null
+    const rawAccountType = normalizeAccountTypeKey(usageRecord.accountType)
+    const modelName = usageRecord.model || usageRecord.actualModel || usageRecord.service || null
+
+    if (!rawAccountId && !rawAccountType) {
+      return null
+    }
+
+    const candidateIds = new Set()
+    if (rawAccountId) {
+      candidateIds.add(rawAccountId)
+      if (typeof rawAccountId === 'string' && rawAccountId.startsWith('responses:')) {
+        candidateIds.add(rawAccountId.replace(/^responses:/, ''))
+      }
+    }
+
+    if (candidateIds.size === 0) {
+      return null
+    }
+
+    const typeCandidates = []
+    const pushType = (type) => {
+      const normalized = normalizeAccountTypeKey(type)
+      if (normalized && ACCOUNT_TYPE_CONFIG[normalized] && !typeCandidates.includes(normalized)) {
+        typeCandidates.push(normalized)
+      }
+    }
+
+    pushType(rawAccountType)
+
+    if (modelName) {
+      const lowerModel = modelName.toLowerCase()
+      if (lowerModel.includes('gpt') || lowerModel.includes('openai')) {
+        pushType('openai')
+        pushType('openai-responses')
+        pushType('azure-openai')
+      } else if (lowerModel.includes('gemini')) {
+        pushType('gemini')
+      } else if (lowerModel.includes('claude') || lowerModel.includes('anthropic')) {
+        pushType('claude')
+        pushType('claude-console')
+      } else if (lowerModel.includes('droid')) {
+        pushType('droid')
+      }
+    }
+
+    ACCOUNT_TYPE_PRIORITY.forEach(pushType)
+
+    for (const type of typeCandidates) {
+      const accountConfig = ACCOUNT_TYPE_CONFIG[type]
+      if (!accountConfig) {
+        continue
+      }
+
+      for (const candidateId of candidateIds) {
+        const normalizedId = sanitizeAccountIdForType(candidateId, type)
+        const accountInfo = await this._fetchAccountInfo(normalizedId, type, cache, client)
+        if (accountInfo) {
+          return {
+            accountId: normalizedId,
+            accountName: accountInfo.name,
+            accountType: type,
+            accountCategory: ACCOUNT_CATEGORY_MAP[type] || 'other',
+            rawAccountId: rawAccountId || normalizedId
+          }
+        }
+      }
+    }
+
+    return null
+  }
+
+  async _resolveLastUsageAccount(apiKey, usageRecord, cache, client) {
+    return await this._resolveAccountByUsageRecord(usageRecord, cache, client)
+  }
+
   // 🔔 发布计费事件（内部方法）
   async _publishBillingEvent(eventData) {
     try {

src/services/azureOpenaiRelayService.js

@@ -82,7 +82,9 @@ async function handleAzureOpenAIRequest({
 
     // 如果有代理，添加代理配置
     if (proxyAgent) {
+      axiosConfig.httpAgent = proxyAgent
       axiosConfig.httpsAgent = proxyAgent
+      axiosConfig.proxy = false
       // 为代理添加额外的keep-alive设置
       if (proxyAgent.options) {
         proxyAgent.options.keepAlive = true

src/services/ccrRelayService.js

@@ -121,12 +121,17 @@ class CcrRelayService {
           'User-Agent': userAgent,
           ...filteredHeaders
         },
-        httpsAgent: proxyAgent,
         timeout: config.requestTimeout || 600000,
         signal: abortController.signal,
         validateStatus: () => true // 接受所有状态码
       }
 
+      if (proxyAgent) {
+        requestConfig.httpAgent = proxyAgent
+        requestConfig.httpsAgent = proxyAgent
+        requestConfig.proxy = false
+      }
+
       // 根据 API Key 格式选择认证方式
       if (account.apiKey && account.apiKey.startsWith('sk-ant-')) {
         // Anthropic 官方 API Key 使用 x-api-key
@@ -345,12 +350,17 @@ class CcrRelayService {
           'User-Agent': userAgent,
           ...filteredHeaders
         },
-        httpsAgent: proxyAgent,
         timeout: config.requestTimeout || 600000,
         responseType: 'stream',
         validateStatus: () => true // 接受所有状态码
       }
 
+      if (proxyAgent) {
+        requestConfig.httpAgent = proxyAgent
+        requestConfig.httpsAgent = proxyAgent
+        requestConfig.proxy = false
+      }
+
       // 根据 API Key 格式选择认证方式
       if (account.apiKey && account.apiKey.startsWith('sk-ant-')) {
         // Anthropic 官方 API Key 使用 x-api-key

src/services/claudeAccountService.js

@@ -248,6 +248,24 @@ class ClaudeAccountService {
       // 创建代理agent
       const agent = this._createProxyAgent(accountData.proxy)
 
+      const axiosConfig = {
+        headers: {
+          'Content-Type': 'application/json',
+          Accept: 'application/json, text/plain, */*',
+          'User-Agent': 'claude-cli/1.0.56 (external, cli)',
+          'Accept-Language': 'en-US,en;q=0.9',
+          Referer: 'https://claude.ai/',
+          Origin: 'https://claude.ai'
+        },
+        timeout: 30000
+      }
+
+      if (agent) {
+        axiosConfig.httpAgent = agent
+        axiosConfig.httpsAgent = agent
+        axiosConfig.proxy = false
+      }
+
       const response = await axios.post(
         this.claudeApiUrl,
         {
@@ -255,18 +273,7 @@ class ClaudeAccountService {
           refresh_token: refreshToken,
           client_id: this.claudeOauthClientId
         },
-        {
-          headers: {
-            'Content-Type': 'application/json',
-            Accept: 'application/json, text/plain, */*',
-            'User-Agent': 'claude-cli/1.0.56 (external, cli)',
-            'Accept-Language': 'en-US,en;q=0.9',
-            Referer: 'https://claude.ai/',
-            Origin: 'https://claude.ai'
-          },
-          httpsAgent: agent,
-          timeout: 30000
-        }
+        axiosConfig
       )
 
       if (response.status === 200) {
@@ -1824,7 +1831,7 @@ class ClaudeAccountService {
       logger.debug(`📊 Fetching OAuth usage for account: ${accountData.name} (${accountId})`)
 
       // 请求 OAuth usage 接口
-      const response = await axios.get('https://api.anthropic.com/api/oauth/usage', {
+      const axiosConfig = {
         headers: {
           Authorization: `Bearer ${accessToken}`,
           'Content-Type': 'application/json',
@@ -1833,9 +1840,16 @@ class ClaudeAccountService {
           'User-Agent': 'claude-cli/1.0.56 (external, cli)',
           'Accept-Language': 'en-US,en;q=0.9'
         },
-        httpsAgent: agent,
         timeout: 15000
-      })
+      }
+
+      if (agent) {
+        axiosConfig.httpAgent = agent
+        axiosConfig.httpsAgent = agent
+        axiosConfig.proxy = false
+      }
+
+      const response = await axios.get('https://api.anthropic.com/api/oauth/usage', axiosConfig)
 
       if (response.status === 200 && response.data) {
         logger.debug('✅ Successfully fetched OAuth usage data:', {
@@ -2003,7 +2017,7 @@ class ClaudeAccountService {
       logger.info(`📊 Fetching profile info for account: ${accountData.name} (${accountId})`)
 
       // 请求 profile 接口
-      const response = await axios.get('https://api.anthropic.com/api/oauth/profile', {
+      const axiosConfig = {
         headers: {
           Authorization: `Bearer ${accessToken}`,
           'Content-Type': 'application/json',
@@ -2011,9 +2025,16 @@ class ClaudeAccountService {
           'User-Agent': 'claude-cli/1.0.56 (external, cli)',
           'Accept-Language': 'en-US,en;q=0.9'
         },
-        httpsAgent: agent,
         timeout: 15000
-      })
+      }
+
+      if (agent) {
+        axiosConfig.httpAgent = agent
+        axiosConfig.httpsAgent = agent
+        axiosConfig.proxy = false
+      }
+
+      const response = await axios.get('https://api.anthropic.com/api/oauth/profile', axiosConfig)
 
       if (response.status === 200 && response.data) {
         const profileData = response.data

src/services/claudeConsoleAccountService.js

@@ -36,6 +36,20 @@ class ClaudeConsoleAccountService {
     )
   }
 
+  _getBlockedHandlingMinutes() {
+    const raw = process.env.CLAUDE_CONSOLE_BLOCKED_HANDLING_MINUTES
+    if (raw === undefined || raw === null || raw === '') {
+      return 0
+    }
+
+    const parsed = Number.parseInt(raw, 10)
+    if (!Number.isFinite(parsed) || parsed <= 0) {
+      return 0
+    }
+
+    return parsed
+  }
+
   // 🏢 创建Claude Console账户
   async createAccount(options = {}) {
     const {
@@ -690,6 +704,183 @@ class ClaudeConsoleAccountService {
     }
   }
 
+  // 🚫 标记账号为临时封禁状态（400错误 - 账户临时禁用）
+  async markConsoleAccountBlocked(accountId, errorDetails = '') {
+    try {
+      const client = redis.getClientSafe()
+      const account = await this.getAccount(accountId)
+
+      if (!account) {
+        throw new Error('Account not found')
+      }
+
+      const blockedMinutes = this._getBlockedHandlingMinutes()
+
+      if (blockedMinutes <= 0) {
+        logger.info(
+          `ℹ️ CLAUDE_CONSOLE_BLOCKED_HANDLING_MINUTES 未设置或为0，跳过账户封禁：${account.name} (${accountId})`
+        )
+
+        if (account.blockedStatus === 'blocked') {
+          try {
+            await this.removeAccountBlocked(accountId)
+          } catch (cleanupError) {
+            logger.warn(`⚠️ 尝试移除账户封禁状态失败：${accountId}`, cleanupError)
+          }
+        }
+
+        return { success: false, skipped: true }
+      }
+
+      const updates = {
+        blockedAt: new Date().toISOString(),
+        blockedStatus: 'blocked',
+        isActive: 'false', // 禁用账户（与429保持一致）
+        schedulable: 'false', // 停止调度（与429保持一致）
+        status: 'account_blocked', // 设置状态（与429保持一致）
+        errorMessage: '账户临时被禁用（400错误）',
+        // 使用独立的封禁自动停止标记
+        blockedAutoStopped: 'true'
+      }
+
+      await client.hset(`${this.ACCOUNT_KEY_PREFIX}${accountId}`, updates)
+
+      // 发送Webhook通知，包含完整错误详情
+      try {
+        const webhookNotifier = require('../utils/webhookNotifier')
+        await webhookNotifier.sendAccountAnomalyNotification({
+          accountId,
+          accountName: account.name || 'Claude Console Account',
+          platform: 'claude-console',
+          status: 'error',
+          errorCode: 'CLAUDE_CONSOLE_BLOCKED',
+          reason: `账户临时被禁用（400错误）。账户将在 ${blockedMinutes} 分钟后自动恢复。`,
+          errorDetails: errorDetails || '无错误详情',
+          timestamp: new Date().toISOString()
+        })
+      } catch (webhookError) {
+        logger.error('Failed to send blocked webhook notification:', webhookError)
+      }
+
+      logger.warn(`🚫 Claude Console account temporarily blocked: ${account.name} (${accountId})`)
+      return { success: true }
+    } catch (error) {
+      logger.error(`❌ Failed to mark Claude Console account as blocked: ${accountId}`, error)
+      throw error
+    }
+  }
+
+  // ✅ 移除账号的临时封禁状态
+  async removeAccountBlocked(accountId) {
+    try {
+      const client = redis.getClientSafe()
+      const accountKey = `${this.ACCOUNT_KEY_PREFIX}${accountId}`
+
+      // 获取账户当前状态和额度信息
+      const [currentStatus, quotaStoppedAt] = await client.hmget(
+        accountKey,
+        'status',
+        'quotaStoppedAt'
+      )
+
+      // 删除封禁相关字段
+      await client.hdel(accountKey, 'blockedAt', 'blockedStatus')
+
+      // 根据不同情况决定是否恢复账户
+      if (currentStatus === 'account_blocked') {
+        if (quotaStoppedAt) {
+          // 还有额度限制，改为quota_exceeded状态
+          await client.hset(accountKey, {
+            status: 'quota_exceeded'
+            // isActive保持false
+          })
+          logger.info(
+            `⚠️ Blocked status removed but quota exceeded remains for account: ${accountId}`
+          )
+        } else {
+          // 没有额度限制，完全恢复
+          const accountData = await client.hgetall(accountKey)
+          const updateData = {
+            isActive: 'true',
+            status: 'active',
+            errorMessage: ''
+          }
+
+          const hadAutoStop = accountData.blockedAutoStopped === 'true'
+
+          // 只恢复因封禁而自动停止的账户
+          if (hadAutoStop && accountData.schedulable === 'false') {
+            updateData.schedulable = 'true' // 恢复调度
+            logger.info(
+              `✅ Auto-resuming scheduling for Claude Console account ${accountId} after blocked status cleared`
+            )
+          }
+
+          if (hadAutoStop) {
+            await client.hdel(accountKey, 'blockedAutoStopped')
+          }
+
+          await client.hset(accountKey, updateData)
+          logger.success(`✅ Blocked status removed and account re-enabled: ${accountId}`)
+        }
+      } else {
+        if (await client.hdel(accountKey, 'blockedAutoStopped')) {
+          logger.info(
+            `ℹ️ Removed stale auto-stop flag for Claude Console account ${accountId} during blocked status recovery`
+          )
+        }
+        logger.success(`✅ Blocked status removed for Claude Console account: ${accountId}`)
+      }
+
+      return { success: true }
+    } catch (error) {
+      logger.error(
+        `❌ Failed to remove blocked status for Claude Console account: ${accountId}`,
+        error
+      )
+      throw error
+    }
+  }
+
+  // 🔍 检查账号是否处于临时封禁状态
+  async isAccountBlocked(accountId) {
+    try {
+      const account = await this.getAccount(accountId)
+      if (!account) {
+        return false
+      }
+
+      if (account.blockedStatus === 'blocked' && account.blockedAt) {
+        const blockedDuration = this._getBlockedHandlingMinutes()
+
+        if (blockedDuration <= 0) {
+          await this.removeAccountBlocked(accountId)
+          return false
+        }
+
+        const blockedAt = new Date(account.blockedAt)
+        const now = new Date()
+        const minutesSinceBlocked = (now - blockedAt) / (1000 * 60)
+
+        // 禁用时长过后自动恢复
+        if (minutesSinceBlocked >= blockedDuration) {
+          await this.removeAccountBlocked(accountId)
+          return false
+        }
+
+        return true
+      }
+
+      return false
+    } catch (error) {
+      logger.error(
+        `❌ Failed to check blocked status for Claude Console account: ${accountId}`,
+        error
+      )
+      return false
+    }
+  }
+
   // 🚫 标记账号为过载状态（529错误）
   async markAccountOverloaded(accountId) {
     try {

src/services/claudeConsoleRelayService.js

@@ -2,6 +2,11 @@ const axios = require('axios')
 const claudeConsoleAccountService = require('./claudeConsoleAccountService')
 const logger = require('../utils/logger')
 const config = require('../../config/config')
+const {
+  sanitizeUpstreamError,
+  sanitizeErrorMessage,
+  isAccountDisabledError
+} = require('../utils/errorSanitizer')
 
 class ClaudeConsoleRelayService {
   constructor() {
@@ -122,12 +127,17 @@ class ClaudeConsoleRelayService {
           'User-Agent': userAgent,
           ...filteredHeaders
         },
-        httpsAgent: proxyAgent,
         timeout: config.requestTimeout || 600000,
         signal: abortController.signal,
         validateStatus: () => true // 接受所有状态码
       }
 
+      if (proxyAgent) {
+        requestConfig.httpAgent = proxyAgent
+        requestConfig.httpsAgent = proxyAgent
+        requestConfig.proxy = false
+      }
+
       // 根据 API Key 格式选择认证方式
       if (account.apiKey && account.apiKey.startsWith('sk-ant-')) {
         // Anthropic 官方 API Key 使用 x-api-key
@@ -172,14 +182,49 @@ class ClaudeConsoleRelayService {
       logger.debug(
         `[DEBUG] Response data length: ${response.data ? (typeof response.data === 'string' ? response.data.length : JSON.stringify(response.data).length) : 0}`
       )
-      logger.debug(
-        `[DEBUG] Response data preview: ${typeof response.data === 'string' ? response.data.substring(0, 200) : JSON.stringify(response.data).substring(0, 200)}`
-      )
+
+      // 对于错误响应，记录原始错误和清理后的预览
+      if (response.status < 200 || response.status >= 300) {
+        // 记录原始错误响应（包含供应商信息，用于调试）
+        const rawData =
+          typeof response.data === 'string' ? response.data : JSON.stringify(response.data)
+        logger.error(
+          `📝 Upstream error response from ${account?.name || accountId}: ${rawData.substring(0, 500)}`
+        )
+
+        // 记录清理后的数据到error
+        try {
+          const responseData =
+            typeof response.data === 'string' ? JSON.parse(response.data) : response.data
+          const sanitizedData = sanitizeUpstreamError(responseData)
+          logger.error(`🧹 [SANITIZED] Error response to client: ${JSON.stringify(sanitizedData)}`)
+        } catch (e) {
+          const rawText =
+            typeof response.data === 'string' ? response.data : JSON.stringify(response.data)
+          const sanitizedText = sanitizeErrorMessage(rawText)
+          logger.error(`🧹 [SANITIZED] Error response to client: ${sanitizedText}`)
+        }
+      } else {
+        logger.debug(
+          `[DEBUG] Response data preview: ${typeof response.data === 'string' ? response.data.substring(0, 200) : JSON.stringify(response.data).substring(0, 200)}`
+        )
+      }
+
+      // 检查是否为账户禁用/不可用的 400 错误
+      const accountDisabledError = isAccountDisabledError(response.status, response.data)
 
       // 检查错误状态并相应处理
       if (response.status === 401) {
         logger.warn(`🚫 Unauthorized error detected for Claude Console account ${accountId}`)
         await claudeConsoleAccountService.markAccountUnauthorized(accountId)
+      } else if (accountDisabledError) {
+        logger.error(
+          `🚫 Account disabled error (400) detected for Claude Console account ${accountId}, marking as blocked`
+        )
+        // 传入完整的错误详情到 webhook
+        const errorDetails =
+          typeof response.data === 'string' ? response.data : JSON.stringify(response.data)
+        await claudeConsoleAccountService.markConsoleAccountBlocked(accountId, errorDetails)
       } else if (response.status === 429) {
         logger.warn(`🚫 Rate limit detected for Claude Console account ${accountId}`)
         // 收到429先检查是否因为超过了手动配置的每日额度
@@ -206,9 +251,30 @@ class ClaudeConsoleRelayService {
       // 更新最后使用时间
       await this._updateLastUsedTime(accountId)
 
-      const responseBody =
-        typeof response.data === 'string' ? response.data : JSON.stringify(response.data)
-      logger.debug(`[DEBUG] Final response body to return: ${responseBody}`)
+      // 准备响应体并清理错误信息（如果是错误响应）
+      let responseBody
+      if (response.status < 200 || response.status >= 300) {
+        // 错误响应，清理供应商信息
+        try {
+          const responseData =
+            typeof response.data === 'string' ? JSON.parse(response.data) : response.data
+          const sanitizedData = sanitizeUpstreamError(responseData)
+          responseBody = JSON.stringify(sanitizedData)
+          logger.debug(`🧹 Sanitized error response`)
+        } catch (parseError) {
+          // 如果无法解析为JSON，尝试清理文本
+          const rawText =
+            typeof response.data === 'string' ? response.data : JSON.stringify(response.data)
+          responseBody = sanitizeErrorMessage(rawText)
+          logger.debug(`���� Sanitized error text`)
+        }
+      } else {
+        // 成功响应，不需要清理
+        responseBody =
+          typeof response.data === 'string' ? response.data : JSON.stringify(response.data)
+      }
+
+      logger.debug(`[DEBUG] Final response body to return: ${responseBody.substring(0, 200)}...`)
 
       return {
         statusCode: response.status,
@@ -353,12 +419,17 @@ class ClaudeConsoleRelayService {
           'User-Agent': userAgent,
           ...filteredHeaders
         },
-        httpsAgent: proxyAgent,
         timeout: config.requestTimeout || 600000,
         responseType: 'stream',
         validateStatus: () => true // 接受所有状态码
       }
 
+      if (proxyAgent) {
+        requestConfig.httpAgent = proxyAgent
+        requestConfig.httpsAgent = proxyAgent
+        requestConfig.proxy = false
+      }
+
       // 根据 API Key 格式选择认证方式
       if (account.apiKey && account.apiKey.startsWith('sk-ant-')) {
         // Anthropic 官方 API Key 使用 x-api-key
@@ -388,44 +459,83 @@ class ClaudeConsoleRelayService {
               `❌ Claude Console API returned error status: ${response.status} | Account: ${account?.name || accountId}`
             )
 
-            if (response.status === 401) {
-              claudeConsoleAccountService.markAccountUnauthorized(accountId)
-            } else if (response.status === 429) {
-              claudeConsoleAccountService.markAccountRateLimited(accountId)
-              // 检查是否因为超过每日额度
-              claudeConsoleAccountService.checkQuotaUsage(accountId).catch((err) => {
-                logger.error('❌ Failed to check quota after 429 error:', err)
-              })
-            } else if (response.status === 529) {
-              claudeConsoleAccountService.markAccountOverloaded(accountId)
-            }
+            // 收集错误数据用于检测
+            let errorDataForCheck = ''
+            const errorChunks = []
 
-            // 设置错误响应的状态码和响应头
-            if (!responseStream.headersSent) {
-              const errorHeaders = {
-                'Content-Type': response.headers['content-type'] || 'application/json',
-                'Cache-Control': 'no-cache',
-                Connection: 'keep-alive'
+            response.data.on('data', (chunk) => {
+              errorChunks.push(chunk)
+              errorDataForCheck += chunk.toString()
+            })
+
+            response.data.on('end', async () => {
+              // 记录原始错误消息到日志（方便调试，包含供应商信息）
+              logger.error(
+                `📝 [Stream] Upstream error response from ${account?.name || accountId}: ${errorDataForCheck.substring(0, 500)}`
+              )
+
+              // 检查是否为账户禁用错误
+              const accountDisabledError = isAccountDisabledError(
+                response.status,
+                errorDataForCheck
+              )
+
+              if (response.status === 401) {
+                await claudeConsoleAccountService.markAccountUnauthorized(accountId)
+              } else if (accountDisabledError) {
+                logger.error(
+                  `🚫 [Stream] Account disabled error (400) detected for Claude Console account ${accountId}, marking as blocked`
+                )
+                // 传入完整的错误详情到 webhook
+                await claudeConsoleAccountService.markConsoleAccountBlocked(
+                  accountId,
+                  errorDataForCheck
+                )
+              } else if (response.status === 429) {
+                await claudeConsoleAccountService.markAccountRateLimited(accountId)
+                // 检查是否因为超过每日额度
+                claudeConsoleAccountService.checkQuotaUsage(accountId).catch((err) => {
+                  logger.error('❌ Failed to check quota after 429 error:', err)
+                })
+              } else if (response.status === 529) {
+                await claudeConsoleAccountService.markAccountOverloaded(accountId)
               }
-              // 避免 Transfer-Encoding 冲突，让 Express 自动处理
-              delete errorHeaders['Transfer-Encoding']
-              delete errorHeaders['Content-Length']
-              responseStream.writeHead(response.status, errorHeaders)
-            }
 
-            // 直接透传错误数据，不进行包装
-            response.data.on('data', (chunk) => {
-              if (!responseStream.destroyed) {
-                responseStream.write(chunk)
+              // 设置响应头
+              if (!responseStream.headersSent) {
+                responseStream.writeHead(response.status, {
+                  'Content-Type': 'application/json',
+                  'Cache-Control': 'no-cache'
+                })
               }
-            })
 
-            response.data.on('end', () => {
-              if (!responseStream.destroyed) {
-                responseStream.end()
+              // 清理并发送错误响应
+              try {
+                const fullErrorData = Buffer.concat(errorChunks).toString()
+                const errorJson = JSON.parse(fullErrorData)
+                const sanitizedError = sanitizeUpstreamError(errorJson)
+
+                // 记录清理后的错误消息（发送给客户端的，完整记录）
+                logger.error(
+                  `🧹 [Stream] [SANITIZED] Error response to client: ${JSON.stringify(sanitizedError)}`
+                )
+
+                if (!responseStream.destroyed) {
+                  responseStream.write(JSON.stringify(sanitizedError))
+                  responseStream.end()
+                }
+              } catch (parseError) {
+                const sanitizedText = sanitizeErrorMessage(errorDataForCheck)
+                logger.error(`🧹 [Stream] [SANITIZED] Error response to client: ${sanitizedText}`)
+
+                if (!responseStream.destroyed) {
+                  responseStream.write(sanitizedText)
+                  responseStream.end()
+                }
               }
               resolve() // 不抛出异常，正常完成流处理
             })
+
             return
           }
 

src/services/claudeRelayService.js

@@ -227,6 +227,9 @@ class ClaudeRelayService {
         options
       )
 
+      response.accountId = accountId
+      response.accountType = accountType
+
       // 移除监听器（请求成功完成）
       if (clientRequest) {
         clientRequest.removeListener('close', handleClientDisconnect)

src/services/droidAccountService.js

@@ -438,6 +438,7 @@ class DroidAccountService {
       if (proxyAgent) {
         requestOptions.httpAgent = proxyAgent
         requestOptions.httpsAgent = proxyAgent
+        requestOptions.proxy = false
         logger.info(
           `🌐 使用代理验证 Droid Refresh Token: ${ProxyHelper.getProxyDescription(proxyConfig)}`
         )
@@ -506,6 +507,7 @@ class DroidAccountService {
       if (proxyAgent) {
         requestOptions.httpAgent = proxyAgent
         requestOptions.httpsAgent = proxyAgent
+        requestOptions.proxy = false
       }
     }
 

src/services/droidRelayService.js

@@ -309,7 +309,8 @@ class DroidRelayService {
           responseType: 'json',
           ...(proxyAgent && {
             httpAgent: proxyAgent,
-            httpsAgent: proxyAgent
+            httpsAgent: proxyAgent,
+            proxy: false
           })
         }
 

src/services/geminiAccountService.js

@@ -1048,6 +1048,7 @@ async function getOauthClient(accessToken, refreshToken, proxyConfig = null) {
 
   // 验证凭据本地有效性
   const { token } = await client.getAccessToken()
+
   if (!token) {
     return false
   }
@@ -1066,6 +1067,54 @@ async function loadCodeAssist(client, projectId = null, proxyConfig = null) {
   const CODE_ASSIST_API_VERSION = 'v1internal'
 
   const { token } = await client.getAccessToken()
+  const proxyAgent = ProxyHelper.createProxyAgent(proxyConfig)
+
+  const tokenInfoConfig = {
+    url: 'https://oauth2.googleapis.com/tokeninfo',
+    method: 'POST',
+    headers: {
+      Authorization: `Bearer ${token}`,
+      'Content-Type': 'application/x-www-form-urlencoded'
+    },
+    data: new URLSearchParams({ access_token: token }).toString(),
+    timeout: 15000
+  }
+
+  if (proxyAgent) {
+    tokenInfoConfig.httpAgent = proxyAgent
+    tokenInfoConfig.httpsAgent = proxyAgent
+    tokenInfoConfig.proxy = false
+  }
+
+  try {
+    await axios(tokenInfoConfig)
+    logger.info('📋 tokeninfo 接口验证成功')
+  } catch (error) {
+    logger.info('tokeninfo 接口获取失败', error)
+  }
+
+  const userInfoConfig = {
+    url: 'https://www.googleapis.com/oauth2/v2/userinfo',
+    method: 'GET',
+    headers: {
+      Authorization: `Bearer ${token}`,
+      Accept: '*/*'
+    },
+    timeout: 15000
+  }
+
+  if (proxyAgent) {
+    userInfoConfig.httpAgent = proxyAgent
+    userInfoConfig.httpsAgent = proxyAgent
+    userInfoConfig.proxy = false
+  }
+
+  try {
+    await axios(userInfoConfig)
+    logger.info('📋 userinfo 接口获取成功')
+  } catch (error) {
+    logger.info('userinfo 接口获取失败', error)
+  }
 
   // 创建ClientMetadata
   const clientMetadata = {
@@ -1100,9 +1149,10 @@ async function loadCodeAssist(client, projectId = null, proxyConfig = null) {
   }
 
   // 添加代理配置
-  const proxyAgent = ProxyHelper.createProxyAgent(proxyConfig)
   if (proxyAgent) {
+    axiosConfig.httpAgent = proxyAgent
     axiosConfig.httpsAgent = proxyAgent
+    axiosConfig.proxy = false
     logger.info(
       `🌐 Using proxy for Gemini loadCodeAssist: ${ProxyHelper.getProxyDescription(proxyConfig)}`
     )
@@ -1176,7 +1226,9 @@ async function onboardUser(client, tierId, projectId, clientMetadata, proxyConfi
   // 添加代理配置
   const proxyAgent = ProxyHelper.createProxyAgent(proxyConfig)
   if (proxyAgent) {
+    baseAxiosConfig.httpAgent = proxyAgent
     baseAxiosConfig.httpsAgent = proxyAgent
+    baseAxiosConfig.proxy = false
     logger.info(
       `🌐 Using proxy for Gemini onboardUser: ${ProxyHelper.getProxyDescription(proxyConfig)}`
     )
@@ -1307,7 +1359,9 @@ async function countTokens(client, contents, model = 'gemini-2.0-flash-exp', pro
   // 添加代理配置
   const proxyAgent = ProxyHelper.createProxyAgent(proxyConfig)
   if (proxyAgent) {
+    axiosConfig.httpAgent = proxyAgent
     axiosConfig.httpsAgent = proxyAgent
+    axiosConfig.proxy = false
     logger.info(
       `🌐 Using proxy for Gemini countTokens: ${ProxyHelper.getProxyDescription(proxyConfig)}`
     )
@@ -1382,7 +1436,9 @@ async function generateContent(
   // 添加代理配置
   const proxyAgent = ProxyHelper.createProxyAgent(proxyConfig)
   if (proxyAgent) {
+    axiosConfig.httpAgent = proxyAgent
     axiosConfig.httpsAgent = proxyAgent
+    axiosConfig.proxy = false
     logger.info(
       `🌐 Using proxy for Gemini generateContent: ${ProxyHelper.getProxyDescription(proxyConfig)}`
     )
@@ -1456,7 +1512,9 @@ async function generateContentStream(
   // 添加代理配置
   const proxyAgent = ProxyHelper.createProxyAgent(proxyConfig)
   if (proxyAgent) {
+    axiosConfig.httpAgent = proxyAgent
     axiosConfig.httpsAgent = proxyAgent
+    axiosConfig.proxy = false
     logger.info(
       `🌐 Using proxy for Gemini streamGenerateContent: ${ProxyHelper.getProxyDescription(proxyConfig)}`
     )

src/services/geminiRelayService.js

@@ -279,7 +279,9 @@ async function sendGeminiRequest({
   // 添加代理配置
   const proxyAgent = createProxyAgent(proxy)
   if (proxyAgent) {
+    axiosConfig.httpAgent = proxyAgent
     axiosConfig.httpsAgent = proxyAgent
+    axiosConfig.proxy = false
     logger.info(`🌐 Using proxy for Gemini API request: ${ProxyHelper.getProxyDescription(proxy)}`)
   } else {
     logger.debug('🌐 No proxy configured for Gemini API request')
@@ -387,7 +389,9 @@ async function getAvailableModels(accessToken, proxy, projectId, location = 'us-
 
   const proxyAgent = createProxyAgent(proxy)
   if (proxyAgent) {
+    axiosConfig.httpAgent = proxyAgent
     axiosConfig.httpsAgent = proxyAgent
+    axiosConfig.proxy = false
     logger.info(
       `🌐 Using proxy for Gemini models request: ${ProxyHelper.getProxyDescription(proxy)}`
     )
@@ -488,7 +492,9 @@ async function countTokens({
   // 添加代理配置
   const proxyAgent = createProxyAgent(proxy)
   if (proxyAgent) {
+    axiosConfig.httpAgent = proxyAgent
     axiosConfig.httpsAgent = proxyAgent
+    axiosConfig.proxy = false
     logger.info(
       `🌐 Using proxy for Gemini countTokens request: ${ProxyHelper.getProxyDescription(proxy)}`
     )

src/services/openaiAccountService.js

@@ -223,6 +223,7 @@ async function refreshAccessToken(refreshToken, proxy = null) {
     // 配置代理（如果有）
     const proxyAgent = ProxyHelper.createProxyAgent(proxy)
     if (proxyAgent) {
+      requestOptions.httpAgent = proxyAgent
       requestOptions.httpsAgent = proxyAgent
       requestOptions.proxy = false
       logger.info(

src/services/openaiResponsesRelayService.js

@@ -107,6 +107,7 @@ class OpenAIResponsesRelayService {
       if (fullAccount.proxy) {
         const proxyAgent = ProxyHelper.createProxyAgent(fullAccount.proxy)
         if (proxyAgent) {
+          requestOptions.httpAgent = proxyAgent
           requestOptions.httpsAgent = proxyAgent
           requestOptions.proxy = false
           logger.info(

src/services/unifiedClaudeScheduler.js

@@ -527,68 +527,86 @@ class UnifiedClaudeScheduler {
     logger.info(`📋 Found ${consoleAccounts.length} total Claude Console accounts`)
 
     for (const account of consoleAccounts) {
+      // 主动检查封禁状态并尝试恢复（在过滤之前执行，确保可以恢复被封禁的账户）
+      const wasBlocked = await claudeConsoleAccountService.isAccountBlocked(account.id)
+
+      // 如果账户之前被封禁但现在已恢复，重新获取最新状态
+      let currentAccount = account
+      if (wasBlocked === false && account.status === 'account_blocked') {
+        // 可能刚刚被恢复，重新获取账户状态
+        const freshAccount = await claudeConsoleAccountService.getAccount(account.id)
+        if (freshAccount) {
+          currentAccount = freshAccount
+          logger.info(`🔄 Account ${account.name} was recovered from blocked status`)
+        }
+      }
+
       logger.info(
-        `🔍 Checking Claude Console account: ${account.name} - isActive: ${account.isActive}, status: ${account.status}, accountType: ${account.accountType}, schedulable: ${account.schedulable}`
+        `🔍 Checking Claude Console account: ${currentAccount.name} - isActive: ${currentAccount.isActive}, status: ${currentAccount.status}, accountType: ${currentAccount.accountType}, schedulable: ${currentAccount.schedulable}`
       )
 
-      // 注意：getAllAccounts返回的isActive是布尔值
+      // 注意：getAllAccounts返回的isActive是布尔值，getAccount返回的也是布尔值
       if (
-        account.isActive === true &&
-        account.status === 'active' &&
-        account.accountType === 'shared' &&
-        this._isSchedulable(account.schedulable)
+        currentAccount.isActive === true &&
+        currentAccount.status === 'active' &&
+        currentAccount.accountType === 'shared' &&
+        this._isSchedulable(currentAccount.schedulable)
       ) {
         // 检查是否可调度
 
         // 检查模型支持
-        if (!this._isModelSupportedByAccount(account, 'claude-console', requestedModel)) {
+        if (!this._isModelSupportedByAccount(currentAccount, 'claude-console', requestedModel)) {
           continue
         }
 
         // 检查订阅是否过期
-        if (claudeConsoleAccountService.isSubscriptionExpired(account)) {
+        if (claudeConsoleAccountService.isSubscriptionExpired(currentAccount)) {
           logger.debug(
-            `⏰ Claude Console account ${account.name} (${account.id}) expired at ${account.subscriptionExpiresAt}`
+            `⏰ Claude Console account ${currentAccount.name} (${currentAccount.id}) expired at ${currentAccount.subscriptionExpiresAt}`
           )
           continue
         }
 
         // 主动触发一次额度检查，确保状态即时生效
         try {
-          await claudeConsoleAccountService.checkQuotaUsage(account.id)
+          await claudeConsoleAccountService.checkQuotaUsage(currentAccount.id)
         } catch (e) {
           logger.warn(
-            `Failed to check quota for Claude Console account ${account.name}: ${e.message}`
+            `Failed to check quota for Claude Console account ${currentAccount.name}: ${e.message}`
           )
           // 继续处理该账号
         }
 
         // 检查是否被限流
-        const isRateLimited = await claudeConsoleAccountService.isAccountRateLimited(account.id)
-        const isQuotaExceeded = await claudeConsoleAccountService.isAccountQuotaExceeded(account.id)
+        const isRateLimited = await claudeConsoleAccountService.isAccountRateLimited(
+          currentAccount.id
+        )
+        const isQuotaExceeded = await claudeConsoleAccountService.isAccountQuotaExceeded(
+          currentAccount.id
+        )
 
         if (!isRateLimited && !isQuotaExceeded) {
           availableAccounts.push({
-            ...account,
-            accountId: account.id,
+            ...currentAccount,
+            accountId: currentAccount.id,
             accountType: 'claude-console',
-            priority: parseInt(account.priority) || 50,
-            lastUsedAt: account.lastUsedAt || '0'
+            priority: parseInt(currentAccount.priority) || 50,
+            lastUsedAt: currentAccount.lastUsedAt || '0'
           })
           logger.info(
-            `✅ Added Claude Console account to available pool: ${account.name} (priority: ${account.priority})`
+            `✅ Added Claude Console account to available pool: ${currentAccount.name} (priority: ${currentAccount.priority})`
           )
         } else {
           if (isRateLimited) {
-            logger.warn(`⚠️ Claude Console account ${account.name} is rate limited`)
+            logger.warn(`⚠️ Claude Console account ${currentAccount.name} is rate limited`)
           }
           if (isQuotaExceeded) {
-            logger.warn(`💰 Claude Console account ${account.name} quota exceeded`)
+            logger.warn(`💰 Claude Console account ${currentAccount.name} quota exceeded`)
           }
         }
       } else {
         logger.info(
-          `❌ Claude Console account ${account.name} not eligible - isActive: ${account.isActive}, status: ${account.status}, accountType: ${account.accountType}, schedulable: ${account.schedulable}`
+          `❌ Claude Console account ${currentAccount.name} not eligible - isActive: ${currentAccount.isActive}, status: ${currentAccount.status}, accountType: ${currentAccount.accountType}, schedulable: ${currentAccount.schedulable}`
         )
       }
     }

src/utils/errorSanitizer.js

@@ -0,0 +1,162 @@
+/**
+ * 错误消息清理工具
+ * 用于移除上游错误中的供应商特定信息（如 URL、引用等）
+ */
+
+/**
+ * 清理错误消息中的 URL 和供应商引用
+ * @param {string} message - 原始错误消息
+ * @returns {string} - 清理后的消息
+ */
+function sanitizeErrorMessage(message) {
+  if (typeof message !== 'string') {
+    return message
+  }
+
+  // 移除 URL（http:// 或 https://）
+  let cleaned = message.replace(/https?:\/\/[^\s]+/gi, '')
+
+  // 移除常见的供应商引用模式
+  cleaned = cleaned.replace(/For more (?:details|information|help)[,\s]*/gi, '')
+  cleaned = cleaned.replace(/(?:please\s+)?visit\s+\S*/gi, '') // 移除 "visit xxx"
+  cleaned = cleaned.replace(/(?:see|check)\s+(?:our|the)\s+\S*/gi, '') // 移除 "see our xxx"
+  cleaned = cleaned.replace(/(?:contact|reach)\s+(?:us|support)\s+at\s+\S*/gi, '') // 移除联系信息
+
+  // 移除供应商特定关键词（包括整个单词）
+  cleaned = cleaned.replace(/88code\S*/gi, '')
+  cleaned = cleaned.replace(/duck\S*/gi, '')
+  cleaned = cleaned.replace(/packy\S*/gi, '')
+  cleaned = cleaned.replace(/ikun\S*/gi, '')
+  cleaned = cleaned.replace(/privnode\S*/gi, '')
+  cleaned = cleaned.replace(/yescode\S*/gi, '')
+  cleaned = cleaned.replace(/share\S*/gi, '')
+  cleaned = cleaned.replace(/yhlxj\S*/gi, '')
+  cleaned = cleaned.replace(/gac\S*/gi, '')
+  cleaned = cleaned.replace(/driod\S*/gi, '')
+
+  cleaned = cleaned.replace(/\s+/g, ' ').trim()
+
+  // 如果消息被清理得太短或为空，返回通用消息
+  if (cleaned.length < 5) {
+    return 'The requested model is currently unavailable'
+  }
+
+  return cleaned
+}
+
+/**
+ * 递归清理对象中的所有错误消息字段
+ * @param {Object} errorData - 原始错误数据对象
+ * @returns {Object} - 清理后的错误数据
+ */
+function sanitizeUpstreamError(errorData) {
+  if (!errorData || typeof errorData !== 'object') {
+    return errorData
+  }
+
+  // 深拷贝避免修改原始对象
+  const sanitized = JSON.parse(JSON.stringify(errorData))
+
+  // 递归清理嵌套的错误对象
+  const sanitizeObject = (obj) => {
+    if (!obj || typeof obj !== 'object') {
+      return obj
+    }
+
+    for (const key in obj) {
+      if (key === 'message' && typeof obj[key] === 'string') {
+        obj[key] = sanitizeErrorMessage(obj[key])
+      } else if (typeof obj[key] === 'object') {
+        sanitizeObject(obj[key])
+      }
+    }
+
+    return obj
+  }
+
+  return sanitizeObject(sanitized)
+}
+
+/**
+ * 提取错误消息（支持多种错误格式）
+ * @param {*} body - 错误响应体（字符串或对象）
+ * @returns {string} - 提取的错误消息
+ */
+function extractErrorMessage(body) {
+  if (!body) {
+    return ''
+  }
+
+  // 处理字符串类型
+  if (typeof body === 'string') {
+    const trimmed = body.trim()
+    if (!trimmed) {
+      return ''
+    }
+    try {
+      const parsed = JSON.parse(trimmed)
+      return extractErrorMessage(parsed)
+    } catch (error) {
+      return trimmed
+    }
+  }
+
+  // 处理对象类型
+  if (typeof body === 'object') {
+    // 常见错误格式: { error: "message" }
+    if (typeof body.error === 'string') {
+      return body.error
+    }
+    // 嵌套错误格式: { error: { message: "..." } }
+    if (body.error && typeof body.error === 'object') {
+      if (typeof body.error.message === 'string') {
+        return body.error.message
+      }
+      if (typeof body.error.error === 'string') {
+        return body.error.error
+      }
+    }
+    // 直接消息格式: { message: "..." }
+    if (typeof body.message === 'string') {
+      return body.message
+    }
+  }
+
+  return ''
+}
+
+/**
+ * 检测是否为账户被禁用或不可用的 400 错误
+ * @param {number} statusCode - HTTP 状态码
+ * @param {*} body - 响应体
+ * @returns {boolean} - 是否为账户禁用错误
+ */
+function isAccountDisabledError(statusCode, body) {
+  if (statusCode !== 400) {
+    return false
+  }
+
+  const message = extractErrorMessage(body)
+  if (!message) {
+    return false
+  }
+  // 将消息全部转换为小写，进行模糊匹配（避免大小写问题）
+  const lowerMessage = message.toLowerCase()
+  // 检测常见的账户禁用/不可用模式
+  return (
+    lowerMessage.includes('organization has been disabled') ||
+    lowerMessage.includes('account has been disabled') ||
+    lowerMessage.includes('account is disabled') ||
+    lowerMessage.includes('no account supporting') ||
+    lowerMessage.includes('account not found') ||
+    lowerMessage.includes('invalid account') ||
+    lowerMessage.includes('too many active sessions')
+  )
+}
+
+module.exports = {
+  sanitizeErrorMessage,
+  sanitizeUpstreamError,
+  extractErrorMessage,
+  isAccountDisabledError
+}

src/utils/oauthHelper.js

@@ -173,7 +173,7 @@ async function exchangeCodeForTokens(authorizationCode, codeVerifier, state, pro
       proxyType: proxyConfig?.type || 'none'
     })
 
-    const response = await axios.post(OAUTH_CONFIG.TOKEN_URL, params, {
+    const axiosConfig = {
       headers: {
         'Content-Type': 'application/json',
         'User-Agent': 'claude-cli/1.0.56 (external, cli)',
@@ -182,9 +182,16 @@ async function exchangeCodeForTokens(authorizationCode, codeVerifier, state, pro
         Referer: 'https://claude.ai/',
         Origin: 'https://claude.ai'
       },
-      httpsAgent: agent,
       timeout: 30000
-    })
+    }
+
+    if (agent) {
+      axiosConfig.httpAgent = agent
+      axiosConfig.httpsAgent = agent
+      axiosConfig.proxy = false
+    }
+
+    const response = await axios.post(OAUTH_CONFIG.TOKEN_URL, params, axiosConfig)
 
     // 记录完整的响应数据到专门的认证详细日志
     logger.authDetail('OAuth token exchange response', response.data)
@@ -378,7 +385,7 @@ async function exchangeSetupTokenCode(authorizationCode, codeVerifier, state, pr
       proxyType: proxyConfig?.type || 'none'
     })
 
-    const response = await axios.post(OAUTH_CONFIG.TOKEN_URL, params, {
+    const axiosConfig = {
       headers: {
         'Content-Type': 'application/json',
         'User-Agent': 'claude-cli/1.0.56 (external, cli)',
@@ -387,9 +394,16 @@ async function exchangeSetupTokenCode(authorizationCode, codeVerifier, state, pr
         Referer: 'https://claude.ai/',
         Origin: 'https://claude.ai'
       },
-      httpsAgent: agent,
       timeout: 30000
-    })
+    }
+
+    if (agent) {
+      axiosConfig.httpAgent = agent
+      axiosConfig.httpsAgent = agent
+      axiosConfig.proxy = false
+    }
+
+    const response = await axios.post(OAUTH_CONFIG.TOKEN_URL, params, axiosConfig)
 
     // 记录完整的响应数据到专门的认证详细日志
     logger.authDetail('Setup Token exchange response', response.data)

src/utils/workosOAuthHelper.js

@@ -40,13 +40,20 @@ async function startDeviceAuthorization(proxyConfig = null) {
       hasProxy: !!agent
     })
 
-    const response = await axios.post(WORKOS_DEVICE_AUTHORIZE_URL, form.toString(), {
+    const axiosConfig = {
       headers: {
         'Content-Type': 'application/x-www-form-urlencoded'
       },
-      httpsAgent: agent,
       timeout: 15000
-    })
+    }
+
+    if (agent) {
+      axiosConfig.httpAgent = agent
+      axiosConfig.httpsAgent = agent
+      axiosConfig.proxy = false
+    }
+
+    const response = await axios.post(WORKOS_DEVICE_AUTHORIZE_URL, form.toString(), axiosConfig)
 
     const data = response.data || {}
 
@@ -108,13 +115,20 @@ async function pollDeviceAuthorization(deviceCode, proxyConfig = null) {
   const agent = ProxyHelper.createProxyAgent(proxyConfig)
 
   try {
-    const response = await axios.post(WORKOS_TOKEN_URL, form.toString(), {
+    const axiosConfig = {
       headers: {
         'Content-Type': 'application/x-www-form-urlencoded'
       },
-      httpsAgent: agent,
       timeout: 15000
-    })
+    }
+
+    if (agent) {
+      axiosConfig.httpAgent = agent
+      axiosConfig.httpsAgent = agent
+      axiosConfig.proxy = false
+    }
+
+    const response = await axios.post(WORKOS_TOKEN_URL, form.toString(), axiosConfig)
 
     const data = response.data || {}
 

src/validators/clients/claudeCodeValidator.js

@@ -131,7 +131,7 @@ class ClaudeCodeValidator {
       const userAgent = req.headers['user-agent'] || ''
       const path = req.path || ''
 
-      const claudeCodePattern = /^claude-cli\/\d+\.\d+\.\d+/i;
+      const claudeCodePattern = /^claude-cli\/\d+\.\d+\.\d+/i
 
       if (!claudeCodePattern.test(userAgent)) {
         // 不是 Claude Code 的请求，此验证器不处理

src/validators/clients/codexCliValidator.js

@@ -53,7 +53,8 @@ class CodexCliValidator {
       // 2. 对于特定路径，进行额外的严格验证
       // 对于 /openai 和 /azure 路径需要完整验证
       const strictValidationPaths = ['/openai', '/azure']
-      const needsStrictValidation = req.path && strictValidationPaths.some(path => req.path.startsWith(path))
+      const needsStrictValidation =
+        req.path && strictValidationPaths.some((path) => req.path.startsWith(path))
 
       if (!needsStrictValidation) {
         // 其他路径，只要 User-Agent 匹配就认为是 Codex CLI

src/validators/clients/geminiCliValidator.js

@@ -55,7 +55,9 @@ class GeminiCliValidator {
         // 包含 generateContent 的路径需要验证 User-Agent
         const geminiCliPattern = /^GeminiCLI\/v?[\d\.]+/i
         if (!geminiCliPattern.test(userAgent)) {
-          logger.debug(`Gemini CLI validation failed - UA mismatch for generateContent: ${userAgent}`)
+          logger.debug(
+            `Gemini CLI validation failed - UA mismatch for generateContent: ${userAgent}`
+          )
           return false
         }
       }

web/admin-spa/src/views/ApiKeysView.vue

@@ -686,15 +686,33 @@
                         class="whitespace-nowrap px-3 py-3 text-gray-700 dark:text-gray-300"
                         style="font-size: 13px"
                       >
-                        <span
-                          v-if="key.lastUsedAt"
-                          class="cursor-help"
-                          style="font-size: 13px"
-                          :title="new Date(key.lastUsedAt).toLocaleString('zh-CN')"
-                        >
-                          {{ formatLastUsed(key.lastUsedAt) }}
-                        </span>
-                        <span v-else class="text-gray-400" style="font-size: 13px">从未使用</span>
+                        <div class="flex flex-col leading-tight">
+                          <span
+                            v-if="key.lastUsedAt"
+                            class="cursor-help"
+                            style="font-size: 13px"
+                            :title="new Date(key.lastUsedAt).toLocaleString('zh-CN')"
+                          >
+                            {{ formatLastUsed(key.lastUsedAt) }}
+                          </span>
+                          <span v-else class="text-gray-400" style="font-size: 13px">从未使用</span>
+                          <span
+                            v-if="hasLastUsageAccount(key)"
+                            class="mt-1 text-xs text-gray-500 dark:text-gray-400"
+                            :title="getLastUsageFullName(key)"
+                          >
+                            {{ getLastUsageDisplayName(key) }}
+                            <span
+                              v-if="!isLastUsageDeleted(key)"
+                              class="ml-1 text-gray-400 dark:text-gray-500"
+                            >
+                              ({{ getLastUsageTypeLabel(key) }})
+                            </span>
+                          </span>
+                          <span v-else class="mt-1 text-xs text-gray-400 dark:text-gray-500">
+                            暂无使用账号
+                          </span>
+                        </div>
                       </td>
                       <!-- 创建时间 -->
                       <td
@@ -1258,11 +1276,31 @@
                       <p class="text-xs text-gray-500 dark:text-gray-400">费用</p>
                     </div>
                   </div>
-                  <div class="mt-2 flex items-center justify-between">
-                    <span class="text-xs text-gray-600 dark:text-gray-400">最后使用</span>
-                    <span class="text-xs font-medium text-gray-700 dark:text-gray-300">{{
-                      formatLastUsed(key.lastUsedAt)
-                    }}</span>
+                  <div class="mt-2 text-xs text-gray-600 dark:text-gray-400">
+                    <div class="flex items-center justify-between">
+                      <span>最后使用</span>
+                      <span class="font-medium text-gray-700 dark:text-gray-300">
+                        {{ key.lastUsedAt ? formatLastUsed(key.lastUsedAt) : '从未使用' }}
+                      </span>
+                    </div>
+                    <div class="mt-1 flex items-center justify-between">
+                      <span>账号</span>
+                      <span
+                        v-if="hasLastUsageAccount(key)"
+                        class="truncate text-gray-500 dark:text-gray-400"
+                        style="max-width: 180px"
+                        :title="getLastUsageFullName(key)"
+                      >
+                        {{ getLastUsageDisplayName(key) }}
+                        <span
+                          v-if="!isLastUsageDeleted(key)"
+                          class="ml-1 text-gray-400 dark:text-gray-500"
+                        >
+                          ({{ getLastUsageTypeLabel(key) }})
+                        </span>
+                      </span>
+                      <span v-else class="text-gray-400 dark:text-gray-500">暂无使用账号</span>
+                    </div>
                   </div>
                 </div>
 
@@ -1765,10 +1803,33 @@
                         class="whitespace-nowrap px-3 py-3 text-gray-700 dark:text-gray-300"
                         style="font-size: 13px"
                       >
-                        <span v-if="key.lastUsedAt" style="font-size: 13px">
-                          {{ formatLastUsed(key.lastUsedAt) }}
-                        </span>
-                        <span v-else class="text-gray-400" style="font-size: 13px">从未使用</span>
+                        <div class="flex flex-col leading-tight">
+                          <span
+                            v-if="key.lastUsedAt"
+                            class="cursor-help"
+                            style="font-size: 13px"
+                            :title="new Date(key.lastUsedAt).toLocaleString('zh-CN')"
+                          >
+                            {{ formatLastUsed(key.lastUsedAt) }}
+                          </span>
+                          <span v-else class="text-gray-400" style="font-size: 13px">从未使用</span>
+                          <span
+                            v-if="hasLastUsageAccount(key)"
+                            class="mt-1 text-xs text-gray-500 dark:text-gray-400"
+                            :title="getLastUsageFullName(key)"
+                          >
+                            {{ getLastUsageDisplayName(key) }}
+                            <span
+                              v-if="!isLastUsageDeleted(key)"
+                              class="ml-1 text-gray-400 dark:text-gray-500"
+                            >
+                              ({{ getLastUsageTypeLabel(key) }})
+                            </span>
+                          </span>
+                          <span v-else class="mt-1 text-xs text-gray-400 dark:text-gray-500">
+                            暂无使用账号
+                          </span>
+                        </div>
                       </td>
                       <td class="operations-column operations-cell px-3 py-3">
                         <div class="flex items-center gap-2">
@@ -3676,6 +3737,100 @@ const formatLastUsed = (dateString) => {
   return date.toLocaleDateString('zh-CN')
 }
 
+const ACCOUNT_TYPE_LABELS = {
+  claude: 'Claude',
+  openai: 'OpenAI',
+  gemini: 'Gemini',
+  droid: 'Droid',
+  deleted: '已删除',
+  other: '其他'
+}
+
+const MAX_LAST_USAGE_NAME_LENGTH = 16
+
+const UUID_PATTERN = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i
+
+const normalizeFrontendAccountCategory = (type) => {
+  if (!type) return 'other'
+  const lower = String(type).toLowerCase()
+  if (lower === 'claude-console' || lower === 'claude_console' || lower === 'claude') {
+    return 'claude'
+  }
+  if (
+    lower === 'openai' ||
+    lower === 'openai-responses' ||
+    lower === 'openai_responses' ||
+    lower === 'azure-openai' ||
+    lower === 'azure_openai'
+  ) {
+    return 'openai'
+  }
+  if (lower === 'gemini') {
+    return 'gemini'
+  }
+  if (lower === 'droid') {
+    return 'droid'
+  }
+  return 'other'
+}
+
+const getLastUsageInfo = (apiKey) => apiKey?.lastUsage || null
+
+const hasLastUsageAccount = (apiKey) => {
+  const info = getLastUsageInfo(apiKey)
+  return !!(info && (info.accountName || info.accountId || info.rawAccountId))
+}
+
+const isLikelyDeletedUsage = (info) => {
+  if (!info) return false
+  if (info.accountCategory === 'deleted') return true
+
+  const rawId = typeof info.rawAccountId === 'string' ? info.rawAccountId.trim() : ''
+  const accountName = typeof info.accountName === 'string' ? info.accountName.trim() : ''
+  const accountType =
+    typeof info.accountType === 'string' ? info.accountType.trim().toLowerCase() : ''
+
+  if (!rawId) return false
+
+  const looksLikeUuid = UUID_PATTERN.test(rawId)
+  const nameMissingOrSame = !accountName || accountName === rawId
+  const typeUnknown =
+    !accountType || accountType === 'unknown' || ACCOUNT_TYPE_LABELS[accountType] === undefined
+
+  return looksLikeUuid && nameMissingOrSame && typeUnknown
+}
+
+const getLastUsageBaseName = (info) => {
+  if (!info) return '未知账号'
+  if (isLikelyDeletedUsage(info)) {
+    return '已删除'
+  }
+  return info.accountName || info.accountId || info.rawAccountId || '未知账号'
+}
+
+const getLastUsageFullName = (apiKey) => getLastUsageBaseName(getLastUsageInfo(apiKey))
+
+const getLastUsageDisplayName = (apiKey) => {
+  const full = getLastUsageFullName(apiKey)
+  return full.length > MAX_LAST_USAGE_NAME_LENGTH
+    ? `${full.slice(0, MAX_LAST_USAGE_NAME_LENGTH)}...`
+    : full
+}
+
+const getLastUsageTypeLabel = (apiKey) => {
+  const info = getLastUsageInfo(apiKey)
+  if (isLikelyDeletedUsage(info)) {
+    return ACCOUNT_TYPE_LABELS.deleted
+  }
+  const category = info?.accountCategory || normalizeFrontendAccountCategory(info?.accountType)
+  return ACCOUNT_TYPE_LABELS[category] || ACCOUNT_TYPE_LABELS.other
+}
+
+const isLastUsageDeleted = (apiKey) => {
+  const info = getLastUsageInfo(apiKey)
+  return isLikelyDeletedUsage(info)
+}
+
 // 清除搜索
 const clearSearch = () => {
   searchKeyword.value = ''
@@ -3785,7 +3940,9 @@ const exportToExcel = () => {
         Token数: formatTokenCount(periodTokens),
         输入Token: formatTokenCount(periodInputTokens),
         输出Token: formatTokenCount(periodOutputTokens),
-        最后使用时间: key.lastUsedAt ? formatDate(key.lastUsedAt) : '从未使用'
+        最后使用时间: key.lastUsedAt ? formatDate(key.lastUsedAt) : '从未使用',
+        最后使用账号: getLastUsageFullName(key),
+        最后使用类型: getLastUsageTypeLabel(key)
       }
 
       // 添加分模型统计

web/admin-spa/src/views/DashboardView.vue

@@ -726,7 +726,8 @@ let accountUsageTrendChartInstance = null
 const accountGroupOptions = [
   { value: 'claude', label: 'Claude' },
   { value: 'openai', label: 'OpenAI' },
-  { value: 'gemini', label: 'Gemini' }
+  { value: 'gemini', label: 'Gemini' },
+  { value: 'droid', label: 'Droid' }
 ]
 
 const accountTrendUpdating = ref(false)