Upload 13 files

.env

@@ -0,0 +1,69 @@
+# ============================================
+# Gemini Business2API 配置示例
+# ============================================
+
+# 代理设置（可选）
+# PROXY=http://127.0.0.1:7890
+
+# API 访问密钥（可选，用于保护 API 端点）
+# API_KEY=your-secret-api-key-here
+
+# 路径前缀（可选，用于隐藏端点路径）
+# 如果设置了，端点将为: /{PATH_PREFIX}/, /{PATH_PREFIX}/v1/
+# 如果未设置，端点将为: /, /v1/
+PATH_PREFIX=your-random-path-prefix
+# 管理员密钥（必需，用于登录管理面板）
+ADMIN_KEY=your-admin-secret-key
+
+# Session加密密钥（可选，自动生成）
+# SESSION_SECRET_KEY=your-session-secret-key
+
+# Session过期时间（可选，单位：小时，默认24小时）
+# SESSION_EXPIRE_HOURS=24
+
+# 服务器完整 URL（可选，用于反代公开日志和图片 URL）
+# BASE_URL=https://your-domain.com
+
+# ============================================
+# 高级配置（可选，使用默认值）
+# ============================================
+
+# 新会话创建最多尝试账户数（默认：5）
+# MAX_NEW_SESSION_TRIES=5
+
+# 请求失败最多重试次数（默认：3）
+# MAX_REQUEST_RETRIES=3
+
+# 每次重试找账户的最大尝试次数（默认：5）
+# MAX_ACCOUNT_SWITCH_TRIES=5
+
+# 账户连续失败阈值（默认：3次）
+# ACCOUNT_FAILURE_THRESHOLD=3
+
+# 429限流错误冷却时间，单位秒（默认：600秒=10分钟）
+# RATE_LIMIT_COOLDOWN_SECONDS=600
+
+# 会话缓存过期时间，单位秒（默认：3600秒=1小时）
+# SESSION_CACHE_TTL_SECONDS=3600
+
+# ============================================
+# 公开展示配置（可选）
+# ============================================
+# Logo URL（公开，为空则不显示）
+# LOGO_URL=https://your-domain.com/logo.png
+
+# 开始对话链接（公开，为空则不显示）
+# CHAT_URL=https://your-chat-app.com
+
+# 模型名称（公开，默认：gemini-business）
+# MODEL_NAME=gemini-business
+
+# ============================================
+# 多账户配置（必需）
+# ============================================
+# 使用 JSON 数组格式配置多个 Gemini 账户
+# 必需字段：secure_c_ses, csesidx, config_id
+# 可选字段：id, host_c_oses, proxy, expires_at
+# 详细配置请参考 accounts_config.example.json
+# 账号配置直接在 accounts_config.json文件配置即可，注意过期时间为北京时间
+ACCOUNTS_CONFIG=[{"secure_c_ses":"your-cookie-here","csesidx":"your-idx","config_id":"your-config","expires_at": "2026-01-08 21:04:39"}]

.env.example

@@ -8,12 +8,20 @@
 # API 访问密钥（可选，用于保护 API 端点）
 # API_KEY=your-secret-api-key-here
 
-# 路径前缀（必需，用于隐藏端点路径）
-PATH_PREFIX=your-random-path-prefix
+# 路径前缀（可选，用于隐藏端点路径）
+# 如果设置了，端点将为: /{PATH_PREFIX}/, /{PATH_PREFIX}/v1/
+# 如果未设置，端点将为: /admin/, /v1/
+# PATH_PREFIX=your-random-path-prefix
 
-# 管理员密钥（必需，用于访问管理端点）
+# 管理员密钥（必需，用于登录管理面板）
 ADMIN_KEY=your-admin-secret-key
 
+# Session加密密钥（可选，自动生成）
+# SESSION_SECRET_KEY=your-session-secret-key
+
+# Session过期时间（可选，单位：小时，默认24小时）
+# SESSION_EXPIRE_HOURS=24
+
 # 服务器完整 URL（可选，用于反代公开日志和图片 URL）
 # BASE_URL=https://your-domain.com
 

.gitignore

@@ -35,10 +35,11 @@ ENV/
 # Project specific
 .env
 *.log
-stats.json
+data/stats.json
+accounts.json
 
 # Generated files
-images/
+data/images/
 static/
 logs/
 

Dockerfile

@@ -14,4 +14,8 @@ COPY uptime_tracker.py .
 COPY core ./core
 # 复制 util 目录
 COPY util ./util
+# 创建数据目录
+RUN mkdir -p ./data/images
+# 声明数据卷（运行时需要 -v 挂载才能持久化）
+VOLUME ["/app/data"]
 CMD ["python", "-u", "main.py"]

README.md

@@ -253,15 +253,15 @@ ACCOUNTS_CONFIG='[
 | ---------------------------------------- | ------ | --------------------------- |
 | `/{PATH_PREFIX}/v1/models`               | GET    | 获取模型列表                |
 | `/{PATH_PREFIX}/v1/chat/completions`     | POST   | 聊天接口（需API_KEY）       |
-| `/{PATH_PREFIX}/admin`                   | GET    | 管理面板（需ADMIN_KEY）     |
-| `/{PATH_PREFIX}/admin/accounts`          | GET    | 获取账户状态（需ADMIN_KEY） |
-| `/{PATH_PREFIX}/admin/accounts-config`   | GET    | 获取账户配置（需ADMIN_KEY） |
-| `/{PATH_PREFIX}/admin/accounts-config`   | PUT    | 更新账户配置（需ADMIN_KEY） |
-| `/{PATH_PREFIX}/admin/accounts/{id}`     | DELETE | 删除指定账户（需ADMIN_KEY） |
-| `/{PATH_PREFIX}/admin/accounts/{id}/disable` | PUT | 禁用指定账户（需ADMIN_KEY） |
-| `/{PATH_PREFIX}/admin/accounts/{id}/enable`  | PUT | 启用指定账户（需ADMIN_KEY） |
-| `/{PATH_PREFIX}/admin/log`               | GET    | 获取系统日志（需ADMIN_KEY） |
-| `/{PATH_PREFIX}/admin/log`               | DELETE | 清空系统日志（需ADMIN_KEY） |
+| `/{PATH_PREFIX}`                   | GET    | 管理面板（需ADMIN_KEY）     |
+| `/{PATH_PREFIX}/accounts`          | GET    | 获取账户状态（需ADMIN_KEY） |
+| `/{PATH_PREFIX}/accounts-config`   | GET    | 获取账户配置（需ADMIN_KEY） |
+| `/{PATH_PREFIX}/accounts-config`   | PUT    | 更新账户配置（需ADMIN_KEY） |
+| `/{PATH_PREFIX}/accounts/{id}`     | DELETE | 删除指定账户（需ADMIN_KEY） |
+| `/{PATH_PREFIX}/accounts/{id}/disable` | PUT | 禁用指定账户（需ADMIN_KEY） |
+| `/{PATH_PREFIX}/accounts/{id}/enable`  | PUT | 启用指定账户（需ADMIN_KEY） |
+| `/{PATH_PREFIX}/log`               | GET    | 获取系统日志（需ADMIN_KEY） |
+| `/{PATH_PREFIX}/log`               | DELETE | 清空系统日志（需ADMIN_KEY） |
 | `/public/log/html`                       | GET    | 公开日志页面（无需认证）    |
 | `/public/stats`                          | GET    | 公开统计信息（无需认证）    |
 | `/public/stats/html`                     | GET    | 实时状态监控页面（无需认证）|
@@ -295,7 +295,7 @@ curl -X POST http://localhost:7860/v1/v1/chat/completions \
 
 ### 多模态输入（支持 100+ 种文件类型）
 
-本项目支持图片、PDF、Office 文档、音频、视频、代码等 100+ 种文件类型。详细列表请查看 [支持的文件类型清单](SUPPORTED_FILE_TYPES.md)。
+本项目支持图片、PDF、Office 文档、音频、视频、代码等 100+ 种文件类型。详细列表请查看 [支持的文件类型清单](docs/SUPPORTED_FILE_TYPES.md)。
 
 #### 图片输入
 
@@ -448,7 +448,7 @@ curl -X POST http://localhost:7860/v1/v1/chat/completions \
 - 🔧 **配置文件** - 5 种格式（YAML, TOML, INI, ENV, Properties）
 - 📚 **电子书** - 2 种格式（EPUB, MOBI）
 
-完整列表和使用示例请查看 [支持的文件类型清单](SUPPORTED_FILE_TYPES.md)
+完整列表和使用示例请查看 [支持的文件类型清单](docs/SUPPORTED_FILE_TYPES.md)
 
 ### 图片生成
 
@@ -488,7 +488,7 @@ curl -X POST http://localhost:7860/v1/v1/chat/completions \
 
 ### 1. 如何在线编辑账户配置？
 
-访问管理面板 `/{PATH_PREFIX}/admin?key=YOUR_ADMIN_KEY`，点击"编辑配置"按钮：
+访问管理面板 `/{PATH_PREFIX}?key=YOUR_ADMIN_KEY`，点击"编辑配置"按钮：
 - ✅ 实时编辑 JSON 格式配置
 - ✅ 保存后立即生效，无需重启
 - ✅ 配置保存到 `accounts.json` 文件
@@ -559,9 +559,9 @@ curl -X POST http://localhost:7860/v1/v1/chat/completions \
 #### 📊 **统计说明**
 
 - **自动计数**：每次聊天请求成功后自动 +1
-- **持久化保存**：保存到 `stats.json` 文件，重启不丢失
+- **持久化保存**：保存到 `data/stats.json` 文件，重启不丢失
 - **实时显示**：管理面板账户卡片实时显示累计次数
-- **数据位置**：`stats.json` → `account_conversations` 字段
+- **数据位置**：`data/stats.json` → `account_conversations` 字段
 
 #### 📈 **显示位置**
 
@@ -577,11 +577,11 @@ curl -X POST http://localhost:7860/v1/v1/chat/completions \
 - 统计范围：仅统计成功的对话请求
 - 失败请求：不计入累计次数
 - 数据格式：`{"account_id": conversation_count}`
-- 重置方式：目前需要手动编辑 `stats.json` 文件
+- 重置方式：目前需要手动编辑 `data/stats.json` 文件
 
 ### 5. 图片生成后在哪里找到文件?
 
-- **临时存储**: 图片保存在 `./images/`，可通过 URL 访问
+- **临时存储**: 图片保存在 `./data/images/`，可通过 URL 访问
 - **重启后会丢失**，建议使用持久化存储
 
 ### 6. 如何设置 BASE_URL?
@@ -669,20 +669,27 @@ gemini-business2api/
 │   └── templates.py               # HTML模板生成
 ├── util/                          # 工具模块
 │   └── streaming_parser.py       # 流式JSON解析器
+├── docs/                         # 文档目录
+│   └── SUPPORTED_FILE_TYPES.md   # 支持的文件类型清单
+├── data/                         # 运行时数据目录
+│   ├── stats.json                # 统计数据（gitignore）
+│   └── images/                   # 生成的图片（gitignore）
+├── script/                       # 辅助脚本
+│   ├── copy-config.js            # 油猴脚本：复制配置到剪贴板
+│   └── download-config.js        # 油猴脚本：下载配置文件
 ├── requirements.txt               # Python依赖
 ├── Dockerfile                     # Docker构建文件
 ├── README.md                      # 项目文档
-├── SUPPORTED_FILE_TYPES.md        # 支持的文件类型清单
 ├── .env.example                   # 环境变量配置示例
 └── accounts_config.example.json   # 多账户配置示例
 ```
 
 **运行时生成的文件和目录**:
 - `accounts.json` - 账户配置持久化文件（Web编辑后保存）
-- `stats.json` - 统计数据（访问量、请求数等）
-- `images/` - 生成的图片存储目录
+- `data/stats.json` - 统计数据（访问量、请求数等）
+- `data/images/` - 生成的图片存储目录
   - HF Pro: `/data/images`（持久化，重启不丢失）
-  - 其他环境: `./images`（临时存储，重启会丢失）
+  - 其他环境: `./data/images`（临时存储，重启会丢失）
 
 **日志系统**:
 - 内存日志缓冲区：最多保存 3000 条日志

accounts.json

@@ -0,0 +1,223 @@
+[
+  {
+    "id": "qvzikjjtqaksdinimiadtl@gmail.com",
+    "csesidx": "2077462123",
+    "config_id": "ea70232b-450e-4d19-8d36-92eb1e899f2e",
+    "secure_c_ses": "CSE.AdwtfTAbNjb_CSIyaCu1lPxXETzGwu4sTDHVjAzDtzh3QCRTqdZmXEZMqEHqBPKV6tP-NfSXGy4rLZqCEb3HSmxOk55k0Gy0-0NAyw6wFk7Fb6bMiCesPA8KeNWXabgH7hQvZ4_rQVsmHDxKrpK7PCHbZrpK1wzORrgOaoObFmL2wUXyrXNKZvt7gdAJsAkU9ek8YLTX0Eo8c8jZ1Q8eAKYVM0Iz82OANH-Pj6XoN6_TQUYGNSTUShWOsDBw9EVvzbAqHUA3ldvFZhqFrwF250huTtC_jcfGrF2DkEeTLbDWpcWxXXeW5O6e8X2je3KrYKmsxsCG5ZGv7PgeC9WocDYJIIWAqE-abKj3KBiAozg9AyyBZ2W1VtUa-6l-LxFyb74cLwTRPWwUC5_y7k5A_varlyILzkcQuU5ud38kNjJgpKPNXw8DTXf10UZ-nDRISwICfMywQv93PA",
+    "host_c_oses": "COS.AfQtEyC5kScHV6Ldz1Xoce0jEEqHz00extvVRBOXpOuGIQWUgMNgmjpZkQLWnVvDMsFowuKxy5flm0Zw9hAj0b7tuewyOR61ceg2EFO7iPaqN0ZM3kmpVvWFdhsaewRsmX1zr0o-A-l8ZB8N",
+    "expires_at": "2026-01-08 21:04:39"
+  },
+  {
+    "id": "kanghyunwoo65@gmail.com",
+    "csesidx": "668833036",
+    "config_id": "06ea7902-019a-46ae-8a39-c322f4719482",
+    "secure_c_ses": "CSE.AdwtfTDhUiB-ww2GWQKV_npY8EM5ZS5zZrLX4MORFxIiHxZTyyDqkNSS1Kl99pnnfukXpu-rP_kYdD5W0xyZee496g0d5qLkJShZP96N9dli26WcgBRSfdyVeQbeqBFYW8SVzZFd3kmDXiorlwfHdsvSkxQzlP0-EYb8MMmumb_LNJD3R0QPJzWfrNNXq8-HgPAJMV9UvncuNQCt37T_yp0lxF6nUDMsFcImfRaWVzNFhNJvkJLJWtx3Zd6-OlDJflXQ1NtC-rhCYFKMHQ9YB8PuNd9hjGqUiPhZEGCZPIhNIlXmBDyFKNOVGuyAUBu4M2GIEiacyrfBIOx_X6ImXy1pf4YaPmfHWVJrdm6A5P4vQpX64yZci-zr4HB2YYRJU9vypPNXcrgJkEQ3clxJYFO54423uQnJdHH4GrD9npYTe9szQGMbItzVYaLBn8VjPFIuiedACU7PZw",
+    "host_c_oses": "COS.AfQtEyDF2RzTrB696_QKwYL8OumNSv5sOeDCTtV_pu0n2wewFb5OG9fpZR_mwd9BGV1E1QU6HGlDftp3Uq6PQtoChtgITTDD0Mdy0DXlb4m0q1zuMUTgEvhXkvME_dGhayCVVsB3DJ62KPGD",
+    "expires_at": "2026-01-08 21:03:46"
+  },
+  {
+    "id": "ryxdhdipkqvdasx@gmail.com",
+    "csesidx": "2061181307",
+    "config_id": "5fc0c329-6e08-48fe-9360-ace12d2d20fd",
+    "secure_c_ses": "CSE.AdwtfTC-PTLDnEDOm_8D12FbLoDaN9VGSW4SylqL8934hXY7YsOYo_S6WecPyiuG-5knaznDe7IQC64A_eBWunnVYp8SZRAg7RJW28CGWM5EaoN_-NSKqtZgH4e66JzTe3mZ3YraOP8gE1YFEjB-1leFsPbqPHjVWISxeSzrovt6wjIgmt5b_WT1J4-AtXuZ4zT2JsEN3u7fn4jGQF7NYhZ8WOS2g4TFGcPhHmTTeJ9dRfxmDkLDRZMm7a93VOYASYfdWY8OycXWSMUs17dypIv5YiA5jtoiklkz3UsGgQQdcUKpUK-wS9-k-owNPXgxZIZTQv8w0Z04E1hJx5_hyXvi_obZu0GPFZt5PbDl48BtA-v_4murOaVqo1dWdaxHp4sr-nDiGlhbbU8Z0_5Ou87WYqfuy1mWWDKgiu2iUSt7lpafqjJ6oX7TMpsigI3GV7ETy0uLHkPCZQ",
+    "host_c_oses": "COS.AfQtEyD3loYX6XjCmwcrUFJYw9IJJ6TbOjsynUkuzY07-51nnl0f69j0go_VOMOUPKPV3gn0l4y42ytTJHtCrVuRuPSZjTE0G5EDxJLg_mQMs6BQz7RgLmmf4Z2Na6WjxVHVcOS5oXi2yt9k",
+    "expires_at": "2026-01-08 21:05:23"
+  },
+  {
+    "id": "fytkzpff@gmail.com",
+    "csesidx": "1397021800",
+    "config_id": "0a178e94-0593-415f-92ca-190c64791798",
+    "secure_c_ses": "CSE.AdwtfTCqP_lDymleaWGP8WnHPvWxNexTBNdK-R6P5R6v0GnrSe5mM66FhreggoeukPBCwkf3IZLXFLrGWwyUjnGpYs2OTguXJuL7oJ6_oNBfN-iV7zYs0uWaCjuYxChL7z9dos0DsTjFZ1SpUvs1m7UMmv2siddkaK8wSVLFb4tycUPCgKZST6K6gm7JfPwxhE6yOl7yhI5DrAMQ65ebVG2IO_phZzyxdTI1c59Qj5clXPK0nOKXRi2IuuPRZDzf2Gjd0nuLYHaW2jgB-M26PWIrj72u_eUuHfjjbmHHKlrfxqIBgbqNFpHqsx3-erWV-H0pVc5-1-9cPQrtlA0_cj3PQ4LBPsFgJndPQwhFu650O9DqExGbWYZjTaBw1pHDBX_CXGdX3IhwIyIKh3HHn-YQCsTzRGFMSmp8bE5iw_CB6Q0x7YiNx8BSuo7noMtIb4uX7Y7-Pkdm7g",
+    "host_c_oses": "COS.AfQtEyAp-AyZPSaCK-dNa1QPky5Y2O5ueevch4f044Zow7EXOQoJHW2xgQEJq7_BPdHR3k3IQhfIBH86Pzi1Tc0TBzLZ7vP6w7EAOvxUIHazFHPJPtJtKXpO9mIvjpoY3V5J9WSh1WnU_hvq",
+    "expires_at": "2026-01-08 21:03:31"
+  },
+  {
+    "id": "vpetrovichivanovichdmitrymikha@gmail.com",
+    "csesidx": "1842103773",
+    "config_id": "ccd05b39-9107-4364-8b60-628dc78256fe",
+    "secure_c_ses": "CSE.AdwtfTCxjhQRubOjg0C_z2lZ7rC_aTsOfsEiydiw8p5yhetZKymHqkrm_DeIfUXo7A0f4B5T2WCrV-3WtAtIv-niPZDBEl80rjkoF3QhN07W4jKN3kAbXvXJHPcc9DkwVeUPUausA4xrNTYOjwAnBHnqIvB_dvc6hej2PVKZcs3DDinHwjVzXxIhxDH9x1GnkL2BS1G149YGH10CnJL9mVjc0j1PXceuE3r_soN1Hr2QzhNgANirRtXIVIMLTK1Rw5rPShgUsun0DgHyBxCRhWaVeB6A96R9dvb3-1a1qzIqXE70G_oypCAneCs3TSHw8tFgWUcXQPTmuiuZNGRg-hsa4tTRpBhCc-_pmJ-HtzhKpR10EPURkn2AOjc5iKw4MOeH186H-VGrnHyKt2NCYcSGeAzTImOIJRre63OoZfFUughfaLCtzHNTCtnpQJ0be-pkqLq_ZDOQwg",
+    "host_c_oses": "COS.AfQtEyCK75zN0utPKF95zDlDZZAbdg0AO-2mZGEHoiuSpE-K5wbGc5gDodwO6Pvgawk2xl7sYrjw1fK0gs7QEgak4Xut6j7dfj03hYWvQiHVNyyT2LG5IqFUxaldoNSSLFQ3Kimy4NZulIJK",
+    "expires_at": "2026-01-08 21:06:50"
+  },
+  {
+    "id": "qgsvslizip3z@gmail.com",
+    "csesidx": "147279001",
+    "config_id": "45f124ac-2083-4a3d-b2c8-ebe623c4cf0d",
+    "secure_c_ses": "CSE.AdwtfTDCzrTHEwjafu04wFI2HQtmNygTeATs1ZGHxKzCtoTJVTHkRBitIIv-PFbmrOTBxSYZYsuPfC4sO3V19qKuhkIWVzG8iRa2fjprII0f6o6mdv02Glk2TEqeIqSbeMZc9DeSJclbCIpB6_7h61WgLjad3FJQSgNMpXWWNJiCbr24sXTA7rMN-w8wG_qiBLRx2u5eBdNo7ouHNNEzt2JIm9RwYWzQnzK2hWA5i-HbM5UbBJCFUkrAGc0SrW1mhoq9qU4fAgZDY-w8B1aeQhdsny0gGjvYHvENzg6g2IypOotm5WZ4nCj8_BuV3PfLPtj4k4Q7c9kpUdGK6bWzYWZa-JrHwww2l1zmuzjhZC4mrUgnUXAbjTxGVtH0w3bqkudaWrlDlvzYSp2vefBhZzE0tujUYJ7Ug8NtYZU5KZlVchyLh6iw8-TssGijY7kXdxeI6n026MUR",
+    "host_c_oses": "COS.AfQtEyDuBfBkPnOXH0KvoduBEpXe4zC0y6G-WozeQd0mpBzRub37DRm9VALpEEB60DOMv1-l7-Nyl3OyVKztSEu1HZZ2tsYHaVXx8Art4dlRiCmnqwxE7QB-vlGiKIFtxVrTTFoe2FENRti6",
+    "expires_at": "2026-01-08 21:07:07"
+  },
+  {
+    "id": "66wp79dlpo29@gmail.com",
+    "csesidx": "758206494",
+    "config_id": "1fa5f2de-dc02-42d3-a07d-3bd5df9744c7",
+    "secure_c_ses": "CSE.AdwtfTCsxgi4Ah0AbGCjLT859NYb6E8E0uvYxFOYu7cF6Pr71eXBPFFfitRMAD23bkH6Diz0f-gsVI6-D46Yukj2rnzmHNLInVeHv-Zp8267NJsyLhhZEBfkPYoEeJk5dZPEahDKvL4XHvI4LiheQX1CoH1G8vrhTKRGdgkK2PsA-itowKvaTjH6L1kTQpRW1RAW4X1hhEWwDruoxKCpsZ-JOnU9N77Ql-nVSGOouDeWocORsivWpnQsIznEUvVmhWYYH3vfVZ3F_RthhC6u0y9xmgwsvQpbWbi3iTy39XlPDQnELWg6N39uX59JYiWbC4F5i6RyloQMk2TtVA2S9otXGguoaeymEuvOGbmQrjFoe0gzoNCn4ai1JFQ6KcBQlVucO5CzQY4ts6aV2H4Z0hbpF1xNKUVvtWPlTi6bf4-160dTQKqQNmtONL8Ttlv71kl5T6m1L-yo7Q",
+    "host_c_oses": "COS.AfQtEyAEnwAjUVsVsHhrxABbcNykgHdZsNPwyX4FAJuVa3mA--pGZPwqR_JBRMi-mtwnLmSeO5HwxGkMoSXd_2B-BVF6ei7PRNh_6sE42rETfK0iKreHoYR29xwuUF-PClTdgzNb8ndtwoiC",
+    "expires_at": "2026-01-08 21:07:20"
+  },
+  {
+    "id": "dewimayadianpermana@gmail.com",
+    "csesidx": "1510317426",
+    "config_id": "f1c9585c-2bf4-48d8-96b8-b1b3ae045074",
+    "secure_c_ses": "CSE.AdwtfTBfGlDyT0GT6J2n1NJ28VlqUQMbkcYfTFrHg0KFQJt4yxjUtTsLQaYGd-Db8WlqLaRneAFP51zsZOZMNvRw15d_1nhRTdZa6Thjv0Tq3f_et2xY0KhdaXlCbohAacpPQwccQK8V1E2k9oZ4ZQH8ZT_P9AZwhwWOGz7WXuUFAaJsNeV29tHI7gHO4xxymbO3ZmHCb9aL9NvIYeeO_nm-n2Z0JzJJKrV1p26b8pv0_NtDQN516LD1mTj-d-KRBGtgGM5jU4Jquva9JPF0Gowxp_3Mne2TLYYgW6Po1piXUPgp0MfxLIMW7nOFZT8R-hXVwLrWKDFlfGDUTPxWQAi7-ac6AYNsisHJzunuL-v9dKaD0mavMHrlw1HJAgYpxhnDRkeZ667kK5juSafP6rh_zSEFXSLthp8RwCyYMZiSD0lpN4ju6sXUwAka3NZOyY7YMxTia_5nbQ",
+    "host_c_oses": "COS.AfQtEyD8DDz8By-E4Xt4zHwdsKy770NeJVV0kmTXR7aRqTSn2pz4yk71hewpEFyB4D3Y9MZ5JOO6h6BNz7m_RMGTs6xI0_5SqqjvJL8ZAwX2sl1xU-KnIp24wFoB7VgqG0r8rXFqtWUlGl3Y",
+    "expires_at": "2026-01-08 21:07:40"
+  },
+  {
+    "id": "setiawanagustridianfitri@gmail.com",
+    "csesidx": "1460987002",
+    "config_id": "2ea88373-32b2-492e-8709-c157867e2b3f",
+    "secure_c_ses": "CSE.AdwtfTBnhMuHm0G-Bl8qsymZgz5ddKnJ3MhseYG5es91uZ3iXApE7EpWjclAUOaVBHJe1Em13kMO6yOhQEafFlABY0vaURNmlQEszRobc4H5kK-Bz_EauztqYNL1oAW3ZSkPN9Hy-btQFkgSmYs0V0ywND6KiOdXsvTjf90EvJ-b2N7uTuLLY32h65eLBV6-5HbGk477sAtAVMHio2SrjC5G8Pm3ldFlzZGXvIxIOVxFJ-ENRu3_-tQNNRp6S7LaFSxGTh7b-yOz6n6DrWiPZuvqGN5llw2WCwBkfezfzo4O2ntLwjQSkcfXkeZstWq-_Ig5wkS3BbZAe1sEMZO7O9tgoVKkLRzOPUMrNtnLYhgE1VN6nqq00eLJiQ2Ui2Ymbco4krFmKKvdDR4daGR0GxKw8qJ-v8lvPMbLGnU3zdtwoKgNngzTux-TwPlHA6RnqHEKcQ_XAgpkJg",
+    "host_c_oses": "COS.AfQtEyC-3yCgrU0kiBYj4h1jUxvtZUzUYkICkBYh3GG8Z_aX9tX_rnPbn8Q1MXaFSh_emchLMFwkbl2ow1BUA6886pooFG8vnYb81dtZvZeyxMqwJHIRXwNeeepYZ-ZXvLZWsXPPemfyCFfZ",
+    "expires_at": "2026-01-09 09:29:35",
+    "disabled": false
+  },
+  {
+    "id": "zhvreejcalezmsf@gmail.com",
+    "csesidx": "56883269",
+    "config_id": "8a3dfa35-6d47-4941-8cf2-223d6b22fc64",
+    "secure_c_ses": "CSE.AdwtfTDpFdHVxAM7bK45pTvtqwTF7zgIoH69wq4Gpu-Ko7jAK-lYq1McP0UnDRqMLNnwKF0EBXf6wnuBl2Rc70NO6gzQFTiRHKnNZVxTnUXLYPuv2jQPWKX0lBixiQCDjuBFnFwh5rG75r6O03tDCmt0RSp_ie9awzb9HMfEFWo1B4xx9NBG5Wm8hKcvhtyEGbkQf4SpZn8ztFUAGDsr9OYMeu-lZS2zZvxW80sedEUJBVBVRczzLULbQch9qwwzHyTuWJ1l3todVNGid19bEgaXh9EJPhaKZ93AdW0F4_ofac1Pttd8qIyjs2tfFprEpGtWSO8eQI6A2EGLsG8CYNWz3UbHfqJOvlxPBMwlq3_mHm624Js41ck2cqTMvlQjnZtbP_lQXaTSXcm8ozDkjRoqaXI5IYO3a3ye3zaPf85UbWocDz0dcBKxfNx82fvgIvUibb0Su6B-",
+    "host_c_oses": "COS.AfQtEyAuIXg4vEmxuRKn20NBkNIyUet2e7qUkubUvp7cIEgv5-_KVssaB5l6ZkPFgAJaeePotByEey6VPE8rfu_BvX0wrq9V2yuPVIRbO6e2BMUvu1k8ZLwYgT4c9HY1A73p1-yBS3wJVIA7",
+    "expires_at": "2026-01-09 09:29:12",
+    "disabled": false
+  },
+  {
+    "id": "ludwigjohannannafischer@gmail.com",
+    "csesidx": "568055810",
+    "config_id": "7d977232-eb5b-4907-9f6c-2889c58b016e",
+    "secure_c_ses": "CSE.AdwtfTBvZ-tDItdMo4UvlggbPfrx9kOzsHKg9pDRqHn8B2Ofu8EnIq4rvQ9twd9mSP8_IzzAH6EQNnLDSJoaxtoeZpgcDfN_YcsXhNQQGJEznWrHh3K0fBELrcgENa7WnVqXefUIlxeAk_BP5NOKQKd7ty5Vou56PSDn4PMSc7zh6KnXFoyhWonqkuVxfba5Z6B68aunyEr50OmY7HoFcS60vb5eX5m7lVXTDK-B07hen75QC-Cfs73efEPRHxCHR8dQubecZmin7nyGWVgvNRIxElYsVwJOIfd6sdbVZWZimswIqCDuzsD7is1glZfPEbICuTM2mOerdJkOs73dUAl4aXz9cWK6cOG_rVozqM2Mu-WNJPhmOI9bMa0vL90se1pSNSG1b30rDPNAbflTzq6AFQDokhZiNply4IvEUIaFatWSDBedBIbEgAzUYXHXwzj-poJAHwnxrQ",
+    "host_c_oses": "COS.AfQtEyB0-ggLgckKQA12cDnG9XfIQhN2j8SNtC7XmMQuSOs2TyWf70EiCeeoOvQfEeYnjTlwCQ6u0StdVAteQlZ9Xz69Qn8ilqeFCyALRHPIugH5imf_Y1ByrMHUrS_9XmaJ8G428zLkk3CN",
+    "expires_at": "2026-01-09 09:28:45",
+    "disabled": false
+  },
+  {
+    "id": "cahyadewisari5@gmail.com",
+    "csesidx": "61801455",
+    "config_id": "138dd0d0-ec6e-4c6c-be55-9c23bfe52d68",
+    "secure_c_ses": "CSE.AdwtfTBmTTxvAR1l627V7DuVT4bVazBn7fcv6p9vcSuO7MK9iQ9X1Y4aFdhDbMVoiaKIsiGnepJbw0KHD33hJxZCKi8ob9i_Rwi06fEsmlWkdPSvww18lRpjhzF23MlZe0Ah2bBmvtzlvXgw1CDZr4q249qZ2_BUXVRxLGMee8n0QbfsrgiTZgwU7fzdnxwLou5Lxcwako_Mk8fHhcTa8ODsS_7y8I3DhjQAv5jNZOK9apSuPH9JMMcn0Fez0wLwDm5Z0U_5ECcN6HR6VkVfSSVqRzfOJNQNaQDxKOzA-gqz-BVZC4ghN-HylKAn1JAGmBE0Mudpv4f8wr2ZtlG2eDrr7UKtA1CrLBTgzKVqkK9blAqwPTZ8d_TM6tneMdd5wBUPdEoOgZOkHgr9tMsG9H-hGkBzNZvqrRcWlt7_xdUhTL1p-aCLBuhe-c3P1AJjk90TiPhA4lXL",
+    "host_c_oses": "COS.AfQtEyBC-XesaeyF0KjTqQOUOzzZtchiEPXDOXAiSTPmEkakqhTMRU7d_6lss8NcuNq6TZP1eBw6lecv-Ks3NHLlPpUwy-BZKhai6AsAvwjR23j6Txf7JpsUweQHk7poQAQOAEMdUsQTDTYb",
+    "expires_at": "2026-01-09 09:26:39",
+    "disabled": false
+  },
+  {
+    "id": "robertsislaamelia957@gmail.com",
+    "csesidx": "124360125",
+    "config_id": "bbfaba1c-8cda-4c5b-bd54-90fc74095abc",
+    "secure_c_ses": "CSE.AdwtfTDCF2_ThPC274-icqtHLCm1F9t90K5LN3AxlA06o8GMQFBdavwE_Wwi3kyGFC916CqJ2rBJL2f-Tbg532SnSIihsCn8FYBcEjKQ6gX8_B71hSbz6iGPI3Vj49ZGxnfY_YJm63-iq9tPrnjemnhr9wYeiccpEMH2kjKjYeHtrcawmpuMA546CJqFqMlGKFJwJvpQ4DpXiJWBz3FrSYte_NfX4peOt0lkcULYba-s5VS9tjZotL5M5-WSL4X2xZv3R4L3JaW6Im-gPoopiNwLvP2oCsYwBZA3EYufP5gy92ZY9U14aelbrHpEutZ2aXlZk3MEwdRWxqfH2LL5JpXfFMNZ8-EZkljqcGt65lrHDgbLlOuxbE1TalIN8IpCdHXZvkcSaFJ8Xn39N1UyRtyf3EgxmogTtYMojemznU51_hGC1gIXyJb8lvz82cjysbg4oMq2bhs9",
+    "host_c_oses": "COS.AfQtEyBzEW7vuiZZ5Uj9kNqlNqTMFCD-YL9wTEe4NCXEjTDi3cnSh7wURlVr5f2BSGB5T48xM0ZY7zZBLiPJHiLdFBYMWstEuWwbVBV9pzIzv6dMPpIpwpIYMr-2ku1I14WYpGAwKIRolb5J",
+    "expires_at": "2026-01-09 09:25:58",
+    "disabled": false
+  },
+  {
+    "id": "thimaivanbinhho@gmail.com",
+    "csesidx": "2102457917",
+    "config_id": "72d7429e-8dfc-4cb9-9985-b877dcb3ffca",
+    "secure_c_ses": "CSE.AdwtfTBDeZzxbcU4Ag1yJH00muvfgy3WizZJ7AHhevS-ZF4QklJZW_em_BvY-B-OXn42SmTjTzcDF7IVGeYNPnsA7JeoBOHsg8aMxPGzbe_cxwrIG6bIVWcdjiw7u-ZbswaWnm0GzcuDVY75Ut5LwXC7HBx4uJhEshLsZqbP5DVRtmTL9ak7M3fr70M-aasmc9HdCqLycWSZmpYYK6CvmgD3kJzhCXNOPHB5AOpPlQr0VthfHtj2HqSh0JoB1Lv41AhFDIcL0owFWNoIC1zpwCh5agtPMe2gFsJN_9xBGVabj6RGzjjk4MfWg51XRtiGdaloPu6jfwqf8QOqw2eGqIVSm8usdwV3GYOJXK03qKQcHnsDIL5RaB5KpOEZQCp55_JE8Wjomiv5pl1C2HuLd7aGVnXFB__ha30UgFyHBqTdcbCR81Ik5fllvKlHNmvbysJlsRmBeMMB-w",
+    "host_c_oses": "COS.AfQtEyCQzAfRXFoDwb7JqGaI7aZCk4Vxhze80_H_rALLuRH7ZIe9T1-Ev5t0-XWpWq_L08IlbpLznnsUYagbiogQay_vuQ6ARGvJh-Fsb2zjrxJBjvNhOBRWFSFR6pn5QgjA9nfPQeuTYiwe",
+    "expires_at": "2026-01-09 09:25:40"
+  },
+  {
+    "id": "kuznetsovmariamikhail@gmail.com",
+    "csesidx": "516526177",
+    "config_id": "f44bd49b-275d-43c5-8db6-7cb9da618a64",
+    "secure_c_ses": "CSE.AdwtfTC9yumNS5mPk9TE_jyrEji0Ufr6MUZrNkemz3jE_uvQT6AK7GaktzrrRhq4NH4_wK98JhKxbghsVeQFvtPPKezRZiIYBF8KAZggogPWszPQu-I_bOWeETFQLXO7bOZ3C93qznHuLPfFwM69P-JuTDCCJk8Q6xWhJWX5b6gbJJMDTH9uWWZNVVLiR1wUNN8C9qrEwkdKMM4ZeXH28c5-ybAy62zQyhhF_Sa2X7iKET2sNCMx91sphDKiZQXr8n_fEo5CLLNMPXsQKbnc0r_0O8yvpdiFwos7uCUp7wQitKLqoqNP0BEKF6bHgvN2S7LW-kB_jvNBO5jmTFTBCteb76n2m5bwQqJvXSur2HktGVs4PWSlMsKpJplhk91Dq71k2G6qx092AIJkzLjX7Ora_MfSBLZOPNqAvcGq5AotRm9zrCDH0vmiY6IP86KizGaeu4IJPG82_Q",
+    "host_c_oses": "COS.AfQtEyDc37SdDWnkZvQL6z1RfOt5UBZeIRhIOMjl8T_pHXSSB961F7uiJFhuHEpJE29mFtnFGNfoo0GNCG10Td_W_ooEfi0E6_Uf5bW0md7Hcxym2TPp8OoZuONlXIy6zig0DAiIXaHyEp0_",
+    "expires_at": "2026-01-09 09:25:19"
+  },
+  {
+    "id": "zbdlhrqjejtqqjaistbye@gmail.com",
+    "csesidx": "613137890",
+    "config_id": "7dff83f6-9756-4e52-aa5b-1b1a7747594d",
+    "secure_c_ses": "CSE.AdwtfTAxX23Bbi5voc4UKYVeNlCgCr7fPajOWgvgMU6tGVucBdTrftHdNvSnnHjcxE0c1NNWV1-MsN_Ra0EgWf6QE0NLmBZiDQEeJF1PLs-K9Oxx4L0xRJ6x1OT12Il0TgHL8Ge4oravsmZitpaxE3lcX_exxraJfrhck3xVQxxE7rmrJO6qXzcqkHTYKslbTUi_zTD6rL52cpe-ELCZwV3f0OMMwDHSg44iPRaWxgbJ1ye8XXCHylScZjU_8pjpt_22abA-vHsfHElGFGUypuuvAfFVLYlkRcejy97vruB_BKB_aKHzYwZ6PZFVAE3WQUKp_kd_xIeJmbmBFwSDNcM1VIGMyGYO0O8H_eepZZb1qdcIuhGrJIvO1jxo6WwcbDbdTjbrBDrVLpA5bMy8c0vdNcJpvIeUJGYg94sBAbBw5xsQreRRpklAB-snyVdZmzYuElVPdfdjOQ",
+    "host_c_oses": "COS.AfQtEyARr2Yz2PRP_Jge3x4J_SdXSplDdZYeAFpcOkcSpO9J65tnjlagDeJG4msHa8k8sUXn70e8Iw5KOu5z1EMBeRzB1PhgiZ26QlybVOaBChbwQTxqWVaj2pze77jmGHO44s362jmm6DRa",
+    "expires_at": "2026-01-09 09:23:52"
+  },
+  {
+    "id": "zhangsy.dreamer2@gmail.com",
+    "csesidx": "1834748654",
+    "config_id": "782e9083-0012-4fb7-848b-097790e165c6",
+    "secure_c_ses": "CSE.AdwtfTBDBOsvXcd2uWKiG3R_6nnOuik6GK90cmOlglqNhUp1FB6vSbAtrAb1_f_sQnnSYpWHSAI44jQbs0oM0SibgFxCWC2yv8i4GuXktROE1Jr6PDkbvFjxp0iNFu8DcwHvDDn435KrxcEx_aULfUUgZyAtZAOT1Jt8t8cvqqYCWQyzWl5UgahXpImnjuZIObTW4kW5Ih7pq4O06_6kRTYrDdnfz_og4DVN94bBAzS665-ejECp_WRYTBcefICtDI6MmkwSL1rKofhjU5rNopI_tXTdEBe1WO1PoYTg2H1TrhlXmkhb9EuLznH5i-KlNwSGu5vpjw7Fkd29WpVdAIGofNex4Ifr_EWYg_mmIOY9ZNrliwatBJV2wHNCyvFI0Eb-bMWixYPe2gNwkWP4YeZDN1oDRl0SkrJ99eeIvZjrhrCITH1dTZglfe2T8zN4VnUCkCLg67jCdg",
+    "host_c_oses": "COS.AfQtEyCy4U9UOl941eP5i9nHt-bxOON9kYXVaUFk3bN9c-uhoU5S9oNV4Ty0jMo8dT6Nk0lLAsKoLfLxTqUxMtr5VBLQbjFKB2gtInYodPgWHQB4QwAtLv8QMKBSCeN98dLWQNUHC56XYd7v",
+    "expires_at": "2026-01-08 21:12:51"
+  },
+  {
+    "id": "95d4r6wxl1s3@gmail.com",
+    "csesidx": "382938560",
+    "config_id": "60301a41-da8d-444d-b6c4-d5403cf2ac7a",
+    "secure_c_ses": "CSE.AdwtfTCgUh7DA_FwniHbez07GQ04ExF0ALs5BixnXtfnZMu9_giGTUK-6shncxnVCXjIfgewfCcipzCDBNxzSaaWv4Ylwr8dqKahkYe6yg5cOfstBQl7wm0YNYvxzkKLNQsT3K3BJWwDv_o3R1XsFojRC_rPKD6zT4VW_AFKTvHkMtCPVvYWSWsHwXh5vdf3lFIAidxbkP58JCDTipXEfE5uG_7Fvr54hNJ7B0rNB2O8ZYYMjbMFhG-T2eMZ1ItKDxxmOEYkX3j27pk68R_ioD8yDocfp-dBM9jRRlaFwjQbGmIUh-2bfKABLFxX8Sk5IDb3UdnSn7X00Dy03BdpWFzNYUp5wYfByCRz7TNL3JTSuZ-7drZEIHU3A8NRCxOt_rvffU_9tUEdF48yyJiqCkP8VIKzsgE2WUXzHAL-SUG2LJcO87KrBuj0Zbn-PQusZM3DhRdq-_2_ug",
+    "host_c_oses": "COS.AfQtEyAYPCVFiuk-KAAD-S5MzX2vCPETXo05J8_PF9Xyy3CfLCa0yPmSPtCGq5eyHeFg-itwXYtM4s_CKCUE_diqPeWtLXSWhXecmvc4abxMmT63FCsdgiumI_7u_kQAEwLW-VfTVyXnwa6w",
+    "expires_at": "2026-01-08 21:12:35"
+  },
+  {
+    "id": "zhangsy.dreamer@gmail.com",
+    "csesidx": "787806297",
+    "config_id": "92e1ef11-0965-40f6-8cfb-eae19dd9b624",
+    "secure_c_ses": "CSE.AdwtfTDiVWQJ0VYblIB8Xx3UWYlx5Goa8oT2u3ZW_v9lrPu2Gy1uN094Om_BKdvKHwl4PBQBlPbbd3Os9iBAS2vnZjjMoJNTvvYa9BzihS3xTtJ8lARH3XNxri80jW1mtvmn3adMwQa3A32KhKCRAvBaL5_NHg78iXNErobOM1q1vUPgwnhmb8dQtNvwieA2BDVeYLAic3O1Rbh4gvhbakPMbfg08ogWHFLomcSuai5OWJW7Sr4-ySTtgtxb7_FZ8owjjtBWsLhdr-Kdy4mbEGsNBmF2rhBpPOy-OPrU8JtygjzPLkxROvRG6F8_abx2oLzzW4f2QAEbUSFNDmYif3OZwPL89jppXa1MjbA7AAD6ClV-EkKx5vkeiJZCkEk14mRyZOKATzjzJLoA5wyE9Hkhzl5SNsjB5oAg1RsMGXYf2vclkz3GrpThUtslPt5aWTYHDxhp_3PZLA",
+    "host_c_oses": "COS.AfQtEyDHp_smdmvO4NCpetOK7jLsrm7wKWltNeYeube4IPiK034RgkUdlb7Kfkl3MbOkt5qQh-gCS6M7MutcyuqNOnBrV2_2nzMcvK8hsw5fcMK22r9Z55S01WS0sJqvgz6vAW0ETZwzAOIZ",
+    "expires_at": "2026-01-08 21:13:43"
+  },
+  {
+    "id": "vuqumo@gmail.com",
+    "csesidx": "355439776",
+    "config_id": "96962f36-79c3-4f33-81e6-66d38a48c231",
+    "secure_c_ses": "CSE.AdwtfTA9DXjXh7mBmoFbGqVNsll-NNcr7D4jv5MjhAkMFJfL3T6bZtJB0Y4X2GkvVbgat_kzJTkdPJsFKL0S_U8J6i_rbu_yYWre0a1mPX80LtojKh40LYMeeCbvSosZVhuctQ9p2nE5Hbty4_jX6zXdqs46bEnLT4EvukfjJLTaZHPSjYihVJQ78ug0zH6i_jhabrwpadZbDe0_jaZpvb04zvggs13ErnubD95k6Ao7vX0Mi2Jf4qKg7sPv8M-tgYXkflUO7H00blibbytAiXF-xJhCeCINAtFwM0ejisnm8M83j0DkOQ-iVxh2xTdSOjFqYHrToBPyvKPQySE_tD45gpv0Le5iG41UqkjVkP58aNhKKKRfy8gfJaktA3KyyjBPuQFrdfUiAcSwHGhYUpHW5w9_K_QpK6gFtmXa3nlFzMEvS_eGuw4FFJKQdFvF7lzmm6oEISlJSQ",
+    "host_c_oses": "COS.AfQtEyBlj1M1ra8vg8MMCGYUmYqW7AUsubY1aP8SBF8r86TkJlHcWPCvJXKVyVd6COakigc5mIgMz9UucxsZSmIS7avKqOZdF9oAR7_u4zJHt7fsRRzVPdials1g41CshiNALzsay0bxkgyq",
+    "expires_at": "2026-01-08 21:13:21"
+  },
+  {
+    "id": "baipiaoyouhui001@gmail.com",
+    "csesidx": "2064418629",
+    "config_id": "0cd70003-1ed9-4059-8f31-90364ee3f000",
+    "secure_c_ses": "CSE.AdwtfTCQip7_nUoII86jjLGjO4iT-9BekDpVFqcDY9eRyWAiDE9j6ZkcQNI0Ido2xeHU9RsVjZWFfRilcmlRakU4jRZRNIiGZxQGC7ptb2aVxNRL5QSjwZ6mV41iEbDeLnmiECqkdQOH188kK6rB6vfrcGJUw94lYosUYBsxu6VsdsNeq_joLrd_4nmA0diwYkQAo-rehLtYWboBw-MOjvzYU8-1_ONNVpjk6kOj95ANzCvs8-vorkmI8ugc8N9e6SGUm1KBagSNa2kjioN5jHJJ1FdcbQXrgRMKGVQyTgUKPeFUqiOZ8s2dwG3xsSZJIZIuv6Okg3E5FdYWnPNaOpSzPYslyNLV45vyCCQL_CHTEau1yl3FXzV5giFKraGCDq5GihzvgFJbPTgkgbNlTt9lHtgkQzUKsr4ZMGgiF80LlfNeVFsFV1IZ70GcCLwdob1upRVL-p2AJQ",
+    "host_c_oses": "COS.AfQtEyBcoy24Ng2ArWmvAQth8DnCiUmlnrgp1qw3HcH69Tgqr7ANGDk1tihgZ9aAcyz8TbT01iRjerOxoWKP7LkqD8_ICK91H-OeUMhwdimPGDn5U_67iBJthA1FWUoFGBnx52fz1qyCX0s9",
+    "expires_at": "2026-01-08 21:12:15"
+  },
+  {
+    "id": "zhangsy404@gmail.com",
+    "csesidx": "1725184524",
+    "config_id": "c638af83-a43f-495e-985e-8f33146d53b6",
+    "secure_c_ses": "CSE.AdwtfTBvXrGFGcN30_uT_cDFQJfctcTqOojz5bKTzzq7DxNGKLDSTAYB9_UpJyyyWYxL3paKtGUgcaWo5QwrH4oxkkLKbm1ZZixamSflRDvWR7gIvFopVtznFRX9GkV3jZwflYNTJ9VHwh5cyEpWVabGZDr6Aa6UPPDzuSB5IH46I6Vq7aa5IhqFChJ5IRnXOnbkb-Gkx9rItlzKNk_E3cKKNkQD_dftCchpd-knvawq7Mvt_ydGfpYPJGOtw-ec5BJy9yQ7yEAaXv3AmxPv8WrgBazi_1okXN-TQqxtYntOoX7OfEUuthXzCf_wDfNrokrxr7V4jrWR8pyXWvsV5Z3Yfcborf61e6R-BEYJIi-rrU0-utS1us74s8pL-WiaWuVVFgYLWlp32Mkxrb56fSlKHjS5_WFbD9-jplly0S5sf-feCK9MdDiBN22eEl1jqGHtUP0Z24eiug",
+    "host_c_oses": "COS.AfQtEyDuSTIf-otgTfEk7WxjYQAad5hqS3K5fewAO9aCrN2pKcSKssbBSAUForw02w8lMGfSRnAe0vyRkxKjr8TVmLf67bCUNMRclAPx1YGN7H3m6OzezI6hlsCnyAJRcyr_xNASZ00cQtNc",
+    "expires_at": "2026-01-08 21:11:47"
+  },
+  {
+    "id": "vovanlan152@gmail.com",
+    "csesidx": "1880271056",
+    "config_id": "4fbf6a48-6353-4c1e-8294-b5cd6f1f35ba",
+    "secure_c_ses": "CSE.AdwtfTABqBtO4KEigR5xbVrTNiEhlmSGqI7lSZ8hzFkINozVQVOZw8Zq6yF6Gg4pMce1zxwJKndgo4zMHCi1lgEqrFz719vzNQzg3gooVcRY8S7Bd3Jd3AhWcy5Vzr66t5XTnsAsN8d3x-59FOLdl7L1GSayrbQTmBeVpBE6Vby437E_rAqg6GGStfZGj3WoYTjoKBE4-cj11GN-CJqLD3XRJUEQewgYDTAWBD7YytkfZsYIhY1QSOUCdyFjtPGPXsE5YwP0EU1jsnt8y1O6qd96L1coRZFFSmDzoQWpR7U2H4-VSgruDXKSzAPPd_q8hg2ioNbtXcBiLUTbI_1bDqPvpPjs1nDbwgEeYBvCDVxZTmLRSdlN_mLFGxV82WgMEoBgmG8_WUVhN9GeEgeZ_ldagh7ktUJYLQBP11MHeB-VsDOp1nuTqxFe3wfbrYN7_fK1Zxvh0fnGgA",
+    "host_c_oses": "COS.AfQtEyDgr2RrhUdYEmGP4S7i8CZlC7P-j1r__PVfLc7bNwuNYPLoNfHXTzpllxbByxAhMsWvKpGcw7WDm6XT4Y6xKTPiUPZ6n4HrVzs0z_Enp_rgqAlsmxc2kXfhHUZfRE5ijRJ5PnRAS0hA",
+    "expires_at": "2026-01-08 21:11:20"
+  },
+  {
+    "id": "kxhwyxjlhykpxbnqdefhpqkm@gmail.com",
+    "csesidx": "1551335924",
+    "config_id": "17342b42-2daf-410c-9c4c-4000bc274123",
+    "secure_c_ses": "CSE.AdwtfTAPiexnyfi929pvHPhRzbU-rLzIkUpB2AVGQWPnHErk4Z6FlNyZZIVgTLzp6IZBHXQ0K6ewZue-sUfzd58UqO2awSrV2urF1hTAQ9fTAcC2Y9uf57fTYTDh6FMDFjWsdEyp9-gy-IghS8Bd-3Ymu0j0QBkS4ism4HYbUaqlARZT1syU-FX1-1bqXYdbTpsw47AY31I9qCpo5gqDasUb5ItTKkfa8H3IDMIybP0Dhl_5VmeFrGJcNJep8DsAcwRRHNFhbuKvrqZrYpPUqzcDSvUHu_qrgd0YB1Vo5Jy6Ug7fyvI8Yz2bgvxhbcWHLxGNc_Qdwcz45awXfYGb3vnunUIQw492wzaQN3ltRUFPziigSDn2xAGFa1kv2rL2qno9MwpV7nTZSHbEVQnDqfUh8AHXeKrgO7dzFwJjcL215maFOS3iIz4t8bMyCiz7ouJpMcvm-QMhIg",
+    "host_c_oses": "COS.AfQtEyCnmkhZXlRiVMwY3sALY9lC4eXZZ_cmTU-B8jSHemyHcA4RzK8H5d5_of1KhZpor_Nj-f68Wn63OSZSmPKKtqwkyB7UADH9qhOdyk_MnAldWX1pYEQ_XbZ1n4cSlVIQYzoweU08lCU6",
+    "expires_at": "2026-01-08 21:10:14"
+  },
+  {
+    "id": "khqeuulrjibqsnob@gmail.com",
+    "csesidx": "1282154517",
+    "config_id": "e7d694c4-01a3-4fff-85cb-503538035af5",
+    "secure_c_ses": "CSE.AdwtfTAW4KbOsm405yTMqcGKCUDSl5M0SF28mKC6fnQn47kLJ49xctHSL9mwLToh7bQKJ3REgmc5xYI1fRnXLZ9xyGhfevZnufCuS4ZCUYlu23BAV9DJuoBlOi-1nEA9LxRUeu-Jr9nPtu_UKwqMa3hrdidi60y6-7NjoLnjfjTKFBUX_mMGsfLEUQbJvSw3wIO9vlzyfpgxEWFuAQowYQW3jzsgQOr7S2NsXcSuC5_6tsR_2VrqKzSzckrLHvOqvjBWWbkPIc05o7sP-2IE4QWz9-mwYz09-cZsJzNmW_2gyg1CXK4zwD9ya-_b_bZCav5Eatv0swf0q30RV0CHtVGHoqKzX3UNAhOaUUtP9CxXmeIRtNu-P7Imxt_1ahaX2dc5lZvY0XT5ZNkq5mpoeZLBNHt1JjrEefjJDLptW5Icd8sDl-B7osDYBwKP3ugueTnPWSiBi9l3ow",
+    "host_c_oses": "COS.AfQtEyBwij1hmkfIfDRuLlVAWshpMzJuZSCnQvlw-l-slJVG-7dNURzy0OnBhhI9Bf43BU73njMNHpERR_H90x5TgSvA_oA9-f9QwCIz8x9NPFH4M1eh79iSgqFJwbEkPVy-fa-Bai6I0LUW",
+    "expires_at": "2026-01-08 21:09:49"
+  },
+  {
+    "id": "jwdrhceoqsompvnwy@gmail.com",
+    "csesidx": "1657726537",
+    "config_id": "4d6632ea-956e-454b-8ddf-0ca4b41b6608",
+    "secure_c_ses": "CSE.AdwtfTDKUhjSqqEgXYCMC8FNFePn7MZkh1Fq0cfFjvVI6VKRka_JqyLuG_ZIzAcskKMJxPK9Bd34QDJhSJqdSlN2LYtVXWPzl2kU7IFynQ42CVd2Be73y1EVmAmJfogbJadwQ_MN5x3QK0I3vnlPWi6qnejNCFFBKs_HNQFSRnQkOwBn3GWpSWkzmEKNsU5BBXw0cik6c6JD5UHcDVB8jVnrlrRO3LOgGt8KVYaDFpZFFP-A42zKZLooDuFKGBXAfWA9jd35zQiCZUKVcvKLipGS70A4pZEj-y4iuyZFGpqO0CfgjxGa218jyPKUnhFk5Z94udcJPvpO-LcDsM57WhDetBJDNtiKkIAft2odP2WiIu1XAH26Tr2Sf4ytyO2v37HhYS7nxVQhiYvklu2d0c4GoRxY3USGwkRoTHcX9PTGmwtxPqniBCEUZVNBdzTtLM2BD1nKSh7rKA",
+    "host_c_oses": "COS.AfQtEyAD-BW9EMI-fQk4I2ijz2p84Yh-jW7FdlbQ1zRbqwVA4nil3T2oit2--_HkPcg3Zn32cSuY1mj2yDW6bYjodrBrLpMzX6ppAbF5pt7d8n_V__VIChvrgAGYIi2RpXwSRB5MdvTDVYAa",
+    "expires_at": "2026-01-08 21:09:21"
+  },
+  {
+    "id": "smariamariepaul@gmail.com",
+    "csesidx": "1012844174",
+    "config_id": "fa083019-0c5f-46fe-8338-7e94ffa36b5b",
+    "secure_c_ses": "CSE.AdwtfTCIqwUpajcOSccv6vATc_Dh3MGEnYqHPoMuXeFcx6V3AX6pdbKLvv3bHH8qtk_he_qnzCSrmYJx1Kx3tLWJWTBPSpIOK3TcFsrphWP4ieotH2l1cM3RVm01tnJaTEEFxckPT5Htf6M4QYjKE6_sEhvytDo-71V-pU4-XcxPY8o_bzT-VsYmyEF2pQVnR2AqK5Dm5i07SXivLfYzvdGRK4Mgk5twLdrh0YtyE9lrTi4UewQr86042V9W2GIg2hIxyeY2JrBDq1qkVFdcdqANIDiGPshPfdO_N1BcbKuwOMzugZKmSOhRj-GZd8bnHvRZyljcJ1gB6nHDS5U2-KMi-aLPle6kXarZG1BLaQmXw0ZW6z-hPULPH_n3Ua1NhEn_d7RBMWTZZl1yb84TgOHayoOKKtpnBOAKvVjoBk3nrwY4Xa95-7y5lGZocYWS89mAv3hq21zHqQ",
+    "host_c_oses": "COS.AfQtEyA8iRkEZykLBMt4oTtqW8mlQqOQtY7QP3lwHhnZwU3HqdA7PGVMtWYhOucRTOd4F7W-mNkUxXHOIVnQscpL_6yF9xvEYTv8E9JeLPLlBs-gXOr9zEs0B4BBZRdqktRPVPehETo6txzy",
+    "expires_at": "2026-01-08 21:08:55"
+  }
+]

docker-compose.yml

@@ -0,0 +1,10 @@
+services:
+  gemini-api:
+    build: .
+    ports:
+      - "7860:7860"
+    volumes:
+      - ./data:/app/data
+    env_file:
+      - .env
+    restart: unless-stopped

main.py

@@ -1,23 +1,47 @@
-import json, time, hmac, hashlib, base64, os, asyncio, uuid, ssl, re
+import json, time, os, asyncio, uuid, ssl, re
 from datetime import datetime, timezone, timedelta
 from typing import List, Optional, Union, Dict, Any
-from dataclasses import dataclass
 import logging
 from dotenv import load_dotenv
 
 import httpx
 import aiofiles
-from fastapi import FastAPI, HTTPException, Header, Request, Body
-from fastapi.responses import StreamingResponse, HTMLResponse, JSONResponse
+from fastapi import FastAPI, HTTPException, Header, Request, Body, Form
+from fastapi.responses import StreamingResponse, HTMLResponse, JSONResponse, RedirectResponse
 from fastapi.staticfiles import StaticFiles
 from pydantic import BaseModel
 from util.streaming_parser import parse_json_array_stream_async
 from collections import deque
 from threading import Lock
-from functools import wraps
 
-# 导入认证装饰器
-from core.auth import require_path_prefix, require_admin_auth, require_path_and_admin
+# 导入认证模块
+from core.auth import verify_api_key
+from core.session_auth import is_logged_in, login_user, logout_user, require_login, generate_session_secret
+
+# 导入核心模块
+from core.message import (
+    get_conversation_key,
+    parse_last_message,
+    build_full_context_text
+)
+from core.google_api import (
+    get_common_headers,
+    create_google_session,
+    upload_context_file,
+    get_session_file_metadata,
+    download_image_with_jwt,
+    save_image_to_hf
+)
+from core.account import (
+    AccountManager,
+    MultiAccountManager,
+    format_account_expiration,
+    load_multi_account_config,
+    load_accounts_from_source,
+    update_accounts_config as _update_accounts_config,
+    delete_account as _delete_account,
+    update_account_disabled_status as _update_account_disabled_status
+)
 
 # 导入 Uptime 追踪器
 import uptime_tracker
@@ -29,7 +53,7 @@ log_buffer = deque(maxlen=3000)
 log_lock = Lock()
 
 # 统计数据持久化
-STATS_FILE = "stats.json"
+STATS_FILE = "data/stats.json"
 stats_lock = asyncio.Lock()  # 改为异步锁
 
 async def load_stats():
@@ -95,25 +119,25 @@ logger.addHandler(memory_handler)
 
 load_dotenv()
 # ---------- 配置 ----------
-PROXY        = os.getenv("PROXY") or None
+PROXY        = os.getenv("PROXY", "")
 TIMEOUT_SECONDS = 600
-API_KEY      = os.getenv("API_KEY") or None  # API 访问密钥（可选）
-PATH_PREFIX  = os.getenv("PATH_PREFIX")      # 路径前缀（必需，用于隐藏端点）
-ADMIN_KEY    = os.getenv("ADMIN_KEY")        # 管理员密钥（必需，用于访问管理端点）
-BASE_URL     = os.getenv("BASE_URL")         # 服务器完整URL（可选，用于图片URL生成）
+API_KEY      = os.getenv("API_KEY", "")           # API 访问密钥（可选，用于保护API端点）
+PATH_PREFIX  = os.getenv("PATH_PREFIX", "")       # 路径前缀（可选，用于隐藏端点路径）
+ADMIN_KEY    = os.getenv("ADMIN_KEY", "")         # 管理员密钥（必需，用于登录）
+BASE_URL     = os.getenv("BASE_URL", "")          # 服务器完整URL（可选，用于图片URL生成）
+SESSION_SECRET_KEY = os.getenv("SESSION_SECRET_KEY", generate_session_secret())  # Session加密密钥（自动生成）
+SESSION_EXPIRE_HOURS = int(os.getenv("SESSION_EXPIRE_HOURS", "24"))  # Session过期时间（默认24小时）
 
 # ---------- 公开展示配置 ----------
 LOGO_URL     = os.getenv("LOGO_URL", "")  # Logo URL（公开，为空则不显示）
 CHAT_URL     = os.getenv("CHAT_URL", "")  # 开始对话链接（公开，为空则不显示）
 MODEL_NAME   = os.getenv("MODEL_NAME", "gemini-business")  # 模型名称（公开）
-HIDE_HOME_PAGE = os.getenv("HIDE_HOME_PAGE", "").lower() == "true"  # 是否隐藏首页（默认不隐藏）
 
 # ---------- 图片存储配置 ----------
-# 自动检测存储路径：优先使用持久化存储，否则使用临时存储
 if os.path.exists("/data"):
-    IMAGE_DIR = "/data/images"  # HF Pro持久化存储（重启不丢失）
+    IMAGE_DIR = "/data/images"  # HF Pro持久化存储
 else:
-    IMAGE_DIR = "./images"  # 临时存储（重启会丢失）
+    IMAGE_DIR = "./data/images"  # 本地持久化存储
 
 # ---------- 重试配置 ----------
 MAX_NEW_SESSION_TRIES = int(os.getenv("MAX_NEW_SESSION_TRIES", "5"))  # 新会话创建最多尝试账户数（默认5）
@@ -134,7 +158,7 @@ MODEL_MAPPING = {
 
 # ---------- HTTP 客户端 ----------
 http_client = httpx.AsyncClient(
-    proxies=PROXY,
+    proxy=PROXY or None,
     verify=False,
     http2=False,
     timeout=httpx.Timeout(TIMEOUT_SECONDS, connect=60.0),
@@ -160,689 +184,63 @@ def get_base_url(request: Request) -> str:
 # ---------- 常量定义 ----------
 USER_AGENT = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/140.0.0.0 Safari/537.36"
 
-def get_common_headers(jwt: str) -> dict:
-    return {
-        "accept": "*/*",
-        "accept-encoding": "gzip, deflate, br, zstd",
-        "accept-language": "zh-CN,zh;q=0.9,en;q=0.8",
-        "authorization": f"Bearer {jwt}",
-        "content-type": "application/json",
-        "origin": "https://business.gemini.google",
-        "referer": "https://business.gemini.google/",
-        "user-agent": USER_AGENT,
-        "x-server-timeout": "1800",
-        "sec-ch-ua": '"Chromium";v="124", "Google Chrome";v="124", "Not-A.Brand";v="99"',
-        "sec-ch-ua-mobile": "?0",
-        "sec-ch-ua-platform": '"Windows"',
-        "sec-fetch-dest": "empty",
-        "sec-fetch-mode": "cors",
-        "sec-fetch-site": "cross-site",
-    }
-
-def urlsafe_b64encode(data: bytes) -> str:
-    return base64.urlsafe_b64encode(data).decode().rstrip("=")
-
-def kq_encode(s: str) -> str:
-    b = bytearray()
-    for ch in s:
-        v = ord(ch)
-        if v > 255:
-            b.append(v & 255)
-            b.append(v >> 8)
-        else:
-            b.append(v)
-    return urlsafe_b64encode(bytes(b))
-
-def create_jwt(key_bytes: bytes, key_id: str, csesidx: str) -> str:
-    now = int(time.time())
-    header = {"alg": "HS256", "typ": "JWT", "kid": key_id}
-    payload = {
-        "iss": "https://business.gemini.google",
-        "aud": "https://biz-discoveryengine.googleapis.com",
-        "sub": f"csesidx/{csesidx}",
-        "iat": now,
-        "exp": now + 300,
-        "nbf": now,
-    }
-    header_b64  = kq_encode(json.dumps(header, separators=(",", ":")))
-    payload_b64 = kq_encode(json.dumps(payload, separators=(",", ":")))
-    message     = f"{header_b64}.{payload_b64}"
-    sig         = hmac.new(key_bytes, message.encode(), hashlib.sha256).digest()
-    return f"{message}.{urlsafe_b64encode(sig)}"
-
 # ---------- 多账户支持 ----------
-@dataclass
-class AccountConfig:
-    """单个账户配置"""
-    account_id: str
-    secure_c_ses: str
-    host_c_oses: Optional[str]
-    csesidx: str
-    config_id: str
-    expires_at: Optional[str] = None  # 账户过期时间 (格式: "2025-12-23 10:59:21")
-    disabled: bool = False  # 手动禁用状态
-
-    def get_remaining_hours(self) -> Optional[float]:
-        """计算账户剩余小时数"""
-        if not self.expires_at:
-            return None
-        try:
-            # 解析过期时间（假设为北京时间）
-            beijing_tz = timezone(timedelta(hours=8))
-            expire_time = datetime.strptime(self.expires_at, "%Y-%m-%d %H:%M:%S")
-            expire_time = expire_time.replace(tzinfo=beijing_tz)
-
-            # 当前时间（北京时间）
-            now = datetime.now(beijing_tz)
-
-            # 计算剩余时间
-            remaining = (expire_time - now).total_seconds() / 3600
-            return remaining
-        except Exception:
-            return None
-
-    def is_expired(self) -> bool:
-        """检查账户是否已过期"""
-        remaining = self.get_remaining_hours()
-        if remaining is None:
-            return False  # 未设置过期时间，默认不过期
-        return remaining <= 0
-
-def format_account_expiration(remaining_hours: Optional[float]) -> tuple:
-    """
-    格式化账户过期时间显示（基于12小时过期周期）
-
-    Args:
-        remaining_hours: 剩余小时数（None表示未设置过期时间）
-
-    Returns:
-        (status, status_color, expire_display) 元组
-    """
-    if remaining_hours is None:
-        # 未设置过期时间时显示为"未设置"
-        return ("未设置", "#9e9e9e", "未设置")
-    elif remaining_hours <= 0:
-        return ("已过期", "#f44336", "已过期")
-    elif remaining_hours < 3:  # 少于3小时
-        return ("即将过期", "#ff9800", f"{remaining_hours:.1f} 小时")
-    else:  # 3小时及以上，统一显示小时
-        return ("正常", "#4caf50", f"{remaining_hours:.1f} 小时")
-
-class AccountManager:
-    """单个账户管理器"""
-    def __init__(self, config: AccountConfig):
-        self.config = config
-        self.jwt_manager: Optional['JWTManager'] = None  # 延迟初始化
-        self.is_available = True
-        self.last_error_time = 0.0
-        self.last_429_time = 0.0  # 429错误专属时间戳
-        self.error_count = 0
-        self.conversation_count = 0  # 累计对话次数
-
-    async def get_jwt(self, request_id: str = "") -> str:
-        """获取 JWT token (带错误处理)"""
-        # 检查账户是否过期
-        if self.config.is_expired():
-            self.is_available = False
-            logger.warning(f"[ACCOUNT] [{self.config.account_id}] 账户已过期，已自动禁用")
-            raise HTTPException(403, f"Account {self.config.account_id} has expired")
-
-        try:
-            if self.jwt_manager is None:
-                # 延迟初始化 JWTManager (避免循环依赖)
-                self.jwt_manager = JWTManager(self.config)
-            jwt = await self.jwt_manager.get(request_id)
-            self.is_available = True
-            self.error_count = 0
-            return jwt
-        except Exception as e:
-            self.last_error_time = time.time()
-            self.error_count += 1
-            # 使用配置的失败阈值
-            if self.error_count >= ACCOUNT_FAILURE_THRESHOLD:
-                self.is_available = False
-                logger.error(f"[ACCOUNT] [{self.config.account_id}] JWT获取连续失败{self.error_count}次，账户已永久禁用")
-            else:
-                # 安全：只记录异常类型，不记录详细信息
-                logger.warning(f"[ACCOUNT] [{self.config.account_id}] JWT获取失败({self.error_count}/{ACCOUNT_FAILURE_THRESHOLD}): {type(e).__name__}")
-            raise
-
-    def should_retry(self) -> bool:
-        """检查账户是否可重试（429错误10分钟后恢复，普通错误永久禁用）"""
-        if self.is_available:
-            return True
-
-        current_time = time.time()
-
-        # 检查429冷却期（10分钟后自动恢复）
-        if self.last_429_time > 0:
-            if current_time - self.last_429_time > RATE_LIMIT_COOLDOWN_SECONDS:
-                return True  # 冷却期已过，可以重试
-            return False  # 仍在冷却期
-
-        # 普通错误永久禁用
-        return False
-
-    def get_cooldown_info(self) -> tuple[int, str | None]:
-        """
-        获取账户冷却信息
-
-        Returns:
-            (cooldown_seconds, cooldown_reason) 元组
-            - cooldown_seconds: 剩余冷却秒数，0表示无冷却，-1表示永久禁用
-            - cooldown_reason: 冷却原因，None表示无冷却
-        """
-        current_time = time.time()
-
-        # 优先检查429冷却期（无论账户是否可用）
-        if self.last_429_time > 0:
-            remaining_429 = RATE_LIMIT_COOLDOWN_SECONDS - (current_time - self.last_429_time)
-            if remaining_429 > 0:
-                return (int(remaining_429), "429限流")
-            # 429冷却期已过
-
-        # 如果账户可用且没有429冷却，返回正常状态
-        if self.is_available:
-            return (0, None)
-
-        # 普通错误永久禁用
-        return (-1, "错误禁用")
-
-class MultiAccountManager:
-    """多账户协调器"""
-    def __init__(self):
-        self.accounts: Dict[str, AccountManager] = {}
-        self.account_list: List[str] = []  # 账户ID列表 (用于轮询)
-        self.current_index = 0
-        self._cache_lock = asyncio.Lock()  # 缓存操作专用锁
-        self._index_lock = asyncio.Lock()  # 索引更新专用锁
-        # 全局会话缓存：{conv_key: {"account_id": str, "session_id": str, "updated_at": float}}
-        self.global_session_cache: Dict[str, dict] = {}
-        self.cache_max_size = 1000  # 最大缓存条目数
-        self.cache_ttl = SESSION_CACHE_TTL_SECONDS  # 缓存过期时间（秒）
-        # Session级别锁：防止同一对话的并发请求冲突
-        self._session_locks: Dict[str, asyncio.Lock] = {}
-        self._session_locks_lock = asyncio.Lock()  # 保护锁字典的锁
-        self._session_locks_max_size = 2000  # 最大锁数量
-
-    def _clean_expired_cache(self):
-        """清理过期的缓存条目"""
-        current_time = time.time()
-        expired_keys = [
-            key for key, value in self.global_session_cache.items()
-            if current_time - value["updated_at"] > self.cache_ttl
-        ]
-        for key in expired_keys:
-            del self.global_session_cache[key]
-        if expired_keys:
-            logger.info(f"[CACHE] 清理 {len(expired_keys)} 个过期会话缓存")
-
-    def _ensure_cache_size(self):
-        """确保缓存不超过最大大小（LRU策略）"""
-        if len(self.global_session_cache) > self.cache_max_size:
-            # 按更新时间排序，删除最旧的20%
-            sorted_items = sorted(
-                self.global_session_cache.items(),
-                key=lambda x: x[1]["updated_at"]
-            )
-            remove_count = len(sorted_items) - int(self.cache_max_size * 0.8)
-            for key, _ in sorted_items[:remove_count]:
-                del self.global_session_cache[key]
-            logger.info(f"[CACHE] LRU清理 {remove_count} 个最旧会话缓存")
-
-    async def start_background_cleanup(self):
-        """启动后台缓存清理任务（每5分钟执行一次）"""
-        try:
-            while True:
-                await asyncio.sleep(300)  # 5分钟
-                async with self._cache_lock:
-                    self._clean_expired_cache()
-                    self._ensure_cache_size()
-        except asyncio.CancelledError:
-            logger.info("[CACHE] 后台清理任务已停止")
-        except Exception as e:
-            logger.error(f"[CACHE] 后台清理任务异常: {e}")
-
-    async def set_session_cache(self, conv_key: str, account_id: str, session_id: str):
-        """线程安全地设置���话缓存"""
-        async with self._cache_lock:
-            self.global_session_cache[conv_key] = {
-                "account_id": account_id,
-                "session_id": session_id,
-                "updated_at": time.time()
-            }
-            # 检查缓存大小
-            self._ensure_cache_size()
-
-    async def update_session_time(self, conv_key: str):
-        """线程安全地更新会话时间戳"""
-        async with self._cache_lock:
-            if conv_key in self.global_session_cache:
-                self.global_session_cache[conv_key]["updated_at"] = time.time()
-
-    async def acquire_session_lock(self, conv_key: str) -> asyncio.Lock:
-        """获取指定对话的锁（用于防止同一对话的并发请求冲突）"""
-        async with self._session_locks_lock:
-            # 清理过多的锁（LRU策略：删除不在缓存中的锁）
-            if len(self._session_locks) > self._session_locks_max_size:
-                # 只保留当前缓存中存在的锁
-                valid_keys = set(self.global_session_cache.keys())
-                keys_to_remove = [k for k in self._session_locks if k not in valid_keys]
-                for k in keys_to_remove[:len(keys_to_remove)//2]:  # 删除一半无效锁
-                    del self._session_locks[k]
-
-            if conv_key not in self._session_locks:
-                self._session_locks[conv_key] = asyncio.Lock()
-            return self._session_locks[conv_key]
-
-    def add_account(self, config: AccountConfig):
-        """添加账户"""
-        manager = AccountManager(config)
-        # 从统计数据加载对话次数
-        if "account_conversations" in global_stats:
-            manager.conversation_count = global_stats["account_conversations"].get(config.account_id, 0)
-        self.accounts[config.account_id] = manager
-        self.account_list.append(config.account_id)
-        logger.info(f"[MULTI] [ACCOUNT] 添加账户: {config.account_id}")
-
-    async def get_account(self, account_id: Optional[str] = None, request_id: str = "") -> AccountManager:
-        """获取账户 (轮询或指定) - 优化锁粒度，减少竞争"""
-        req_tag = f"[req_{request_id}] " if request_id else ""
-
-        # 如果指定了账户ID（无需锁）
-        if account_id:
-            if account_id not in self.accounts:
-                raise HTTPException(404, f"Account {account_id} not found")
-            account = self.accounts[account_id]
-            if not account.should_retry():
-                raise HTTPException(503, f"Account {account_id} temporarily unavailable")
-            return account
-
-        # 轮询选择可用账户（无锁读取账户列表）
-        available_accounts = [
-            acc_id for acc_id in self.account_list
-            if self.accounts[acc_id].should_retry()
-            and not self.accounts[acc_id].config.is_expired()
-            and not self.accounts[acc_id].config.disabled
-        ]
-
-        if not available_accounts:
-            raise HTTPException(503, "No available accounts")
-
-        # 只在更新索引时加锁（最小化锁持有时间）
-        async with self._index_lock:
-            if not hasattr(self, '_available_index'):
-                self._available_index = 0
-
-            account_id = available_accounts[self._available_index % len(available_accounts)]
-            self._available_index = (self._available_index + 1) % len(available_accounts)
-
-        account = self.accounts[account_id]
-        logger.info(f"[MULTI] [ACCOUNT] {req_tag}选择账户: {account_id}")
-        return account
+# (AccountConfig, AccountManager, MultiAccountManager 已移至 core/account.py)
 
 # ---------- 配置文件管理 ----------
-ACCOUNTS_FILE = "accounts.json"
-
-def save_accounts_to_file(accounts_data: list):
-    """保存账户配置到文件"""
-    with open(ACCOUNTS_FILE, 'w', encoding='utf-8') as f:
-        json.dump(accounts_data, f, ensure_ascii=False, indent=2)
-    logger.info(f"[CONFIG] 配置已保存到 {ACCOUNTS_FILE}")
-
-def load_accounts_from_source() -> list:
-    """优先从文件加载，否则从环境变量加载"""
-    # 优先从文件加载
-    if os.path.exists(ACCOUNTS_FILE):
-        try:
-            with open(ACCOUNTS_FILE, 'r', encoding='utf-8') as f:
-                accounts_data = json.load(f)
-            logger.info(f"[CONFIG] 从文件加载配置: {ACCOUNTS_FILE}")
-            return accounts_data
-        except Exception as e:
-            logger.warning(f"[CONFIG] 文件加载失败，尝试环境变量: {str(e)}")
-
-    # 从环境变量加载
-    accounts_json = os.getenv("ACCOUNTS_CONFIG")
-    if not accounts_json:
-        raise ValueError(
-            "未找到配置文件或 ACCOUNTS_CONFIG 环境变量。\n"
-            "请在环境变量中配置 JSON 格式的账户列表，格式示例：\n"
-            '[{"id":"account_1","csesidx":"xxx","config_id":"yyy","secure_c_ses":"zzz","host_c_oses":null,"expires_at":"2025-12-23 10:59:21"}]'
-        )
-
-    try:
-        accounts_data = json.loads(accounts_json)
-        if not isinstance(accounts_data, list):
-            raise ValueError("ACCOUNTS_CONFIG 必须是 JSON 数组格式")
-        # 首次从环境变量加载后，保存到文件
-        save_accounts_to_file(accounts_data)
-        logger.info(f"[CONFIG] 从环境变量加载配置并保存到文件")
-        return accounts_data
-    except json.JSONDecodeError as e:
-        logger.error(f"[CONFIG] ACCOUNTS_CONFIG JSON 解析失败: {str(e)}")
-        raise ValueError(f"ACCOUNTS_CONFIG 格式错误: {str(e)}")
-
-def get_account_id(acc: dict, index: int) -> str:
-    """获取账户ID（有显式ID则使用，否则生成默认ID）"""
-    return acc.get("id", f"account_{index}")
-
-# ---------- 多账户配置加载 ----------
-def load_multi_account_config() -> MultiAccountManager:
-    """从文件或环境变量加载多账户配置"""
-    manager = MultiAccountManager()
-
-    accounts_data = load_accounts_from_source()
-
-    for i, acc in enumerate(accounts_data, 1):
-        # 验证必需字段
-        required_fields = ["secure_c_ses", "csesidx", "config_id"]
-        missing_fields = [f for f in required_fields if f not in acc]
-        if missing_fields:
-            raise ValueError(f"账户 {i} 缺少必需字段: {', '.join(missing_fields)}")
-
-        config = AccountConfig(
-            account_id=get_account_id(acc, i),
-            secure_c_ses=acc["secure_c_ses"],
-            host_c_oses=acc.get("host_c_oses"),
-            csesidx=acc["csesidx"],
-            config_id=acc["config_id"],
-            expires_at=acc.get("expires_at"),
-            disabled=acc.get("disabled", False)  # 读取手动禁用状态，默认为 False
-        )
-
-        # 检查账户是否已过期
-        if config.is_expired():
-            logger.warning(f"[CONFIG] 账户 {config.account_id} 已过期，跳过加载")
-            continue
-
-        manager.add_account(config)
-
-    if not manager.accounts:
-        raise ValueError("没有有效的账户配置（可能全部已过期）")
-
-    logger.info(f"[CONFIG] 成功加载 {len(manager.accounts)} 个账户")
-    return manager
-
+# (配置管理函数已移至 core/account.py)
 
 # 初始化多账户管理器
-multi_account_mgr = load_multi_account_config()
-
-def reload_accounts():
-    """重新加载账户配置（清空缓存并重新加载）"""
-    global multi_account_mgr
-    multi_account_mgr.global_session_cache.clear()
-    multi_account_mgr = load_multi_account_config()
-    logger.info(f"[CONFIG] 配置已重载，当前账户数: {len(multi_account_mgr.accounts)}")
-
-def update_accounts_config(accounts_data: list):
-    """更新账户配置（保存到文件并重新加载）"""
-    save_accounts_to_file(accounts_data)
-    reload_accounts()
-
-def delete_account(account_id: str):
-    """删除单个账户"""
-    accounts_data = load_accounts_from_source()
-
-    # 过滤掉要删除的账户
-    filtered = [
-        acc for i, acc in enumerate(accounts_data, 1)
-        if get_account_id(acc, i) != account_id
-    ]
-
-    if len(filtered) == len(accounts_data):
-        raise ValueError(f"账户 {account_id} 不存在")
-
-    save_accounts_to_file(filtered)
-    reload_accounts()
-
-def update_account_disabled_status(account_id: str, disabled: bool):
-    """更新账户的禁用状态"""
-    accounts_data = load_accounts_from_source()
-
-    # 查找并更新账户
-    found = False
-    for i, acc in enumerate(accounts_data, 1):
-        if get_account_id(acc, i) == account_id:
-            acc["disabled"] = disabled
-            found = True
-            break
-
-    if not found:
-        raise ValueError(f"账户 {account_id} 不存在")
-
-    save_accounts_to_file(accounts_data)
-    reload_accounts()
-
-    status_text = "已禁用" if disabled else "已启用"
-    logger.info(f"[CONFIG] 账户 {account_id} {status_text}")
+multi_account_mgr = load_multi_account_config(
+    http_client,
+    USER_AGENT,
+    ACCOUNT_FAILURE_THRESHOLD,
+    RATE_LIMIT_COOLDOWN_SECONDS,
+    SESSION_CACHE_TTL_SECONDS,
+    global_stats
+)
 
 # 验证必需的环境变量
-if not PATH_PREFIX:
-    logger.error("[SYSTEM] 未配置 PATH_PREFIX 环境变量，请设置后重启")
-    import sys
-    sys.exit(1)
-
 if not ADMIN_KEY:
     logger.error("[SYSTEM] 未配置 ADMIN_KEY 环境变量，请设置后重启")
     import sys
     sys.exit(1)
 
 # 启动日志
-logger.info(f"[SYSTEM] 路径前缀已配置: {PATH_PREFIX[:4]}****")
-logger.info(f"[SYSTEM] 用户端点: /{PATH_PREFIX}/v1/chat/completions")
-logger.info(f"[SYSTEM] 管理端点: /{PATH_PREFIX}/admin/")
-logger.info("[SYSTEM] 公开端点: /public/log/html")
+if PATH_PREFIX:
+    logger.info(f"[SYSTEM] 路径前缀已配置: {PATH_PREFIX[:4]}****")
+    logger.info(f"[SYSTEM] API端点: /{PATH_PREFIX}/v1/chat/completions")
+    logger.info(f"[SYSTEM] 管理端点: /{PATH_PREFIX}/")
+else:
+    logger.info("[SYSTEM] 未配置路径前缀，使用默认路径")
+    logger.info("[SYSTEM] API端点: /v1/chat/completions")
+    logger.info("[SYSTEM] 管理端点: /admin/")
+logger.info("[SYSTEM] 公开端点: /public/log/html, /public/stats, /public/uptime/html")
+logger.info(f"[SYSTEM] Session过期时间: {SESSION_EXPIRE_HOURS}小时")
 logger.info("[SYSTEM] 系统初始化完成")
 
 # ---------- JWT 管理 ----------
-class JWTManager:
-    def __init__(self, config: AccountConfig) -> None:
-        self.config = config
-        self.jwt: str = ""
-        self.expires: float = 0
-        self._lock = asyncio.Lock()
-
-    async def get(self, request_id: str = "") -> str:
-        async with self._lock:
-            if time.time() > self.expires:
-                await self._refresh(request_id)
-            return self.jwt
-
-    async def _refresh(self, request_id: str = "") -> None:
-        cookie = f"__Secure-C_SES={self.config.secure_c_ses}"
-        if self.config.host_c_oses:
-            cookie += f"; __Host-C_OSES={self.config.host_c_oses}"
-
-        req_tag = f"[req_{request_id}] " if request_id else ""
-        r = await http_client.get(
-            "https://business.gemini.google/auth/getoxsrf",
-            params={"csesidx": self.config.csesidx},
-            headers={
-                "cookie": cookie,
-                "user-agent": USER_AGENT,
-                "referer": "https://business.gemini.google/"
-            },
-        )
-        if r.status_code != 200:
-            logger.error(f"[AUTH] [{self.config.account_id}] {req_tag}JWT 刷新失败: {r.status_code}")
-            raise HTTPException(r.status_code, "getoxsrf failed")
-
-        txt = r.text[4:] if r.text.startswith(")]}'") else r.text
-        data = json.loads(txt)
-
-        key_bytes = base64.urlsafe_b64decode(data["xsrfToken"] + "==")
-        self.jwt      = create_jwt(key_bytes, data["keyId"], self.config.csesidx)
-        self.expires = time.time() + 270
-        logger.info(f"[AUTH] [{self.config.account_id}] {req_tag}JWT 刷新成功")
+# (JWTManager已移至 core/jwt.py)
 
 # ---------- Session & File 管理 ----------
-async def create_google_session(account_manager: AccountManager, request_id: str = "") -> str:
-    jwt = await account_manager.get_jwt(request_id)
-    headers = get_common_headers(jwt)
-    body = {
-        "configId": account_manager.config.config_id,
-        "additionalParams": {"token": "-"},
-        "createSessionRequest": {
-            "session": {"name": "", "displayName": ""}
-        }
-    }
-
-    req_tag = f"[req_{request_id}] " if request_id else ""
-    r = await http_client.post(
-        "https://biz-discoveryengine.googleapis.com/v1alpha/locations/global/widgetCreateSession",
-        headers=headers,
-        json=body,
-    )
-    if r.status_code != 200:
-        logger.error(f"[SESSION] [{account_manager.config.account_id}] {req_tag}Session 创建失败: {r.status_code}")
-        raise HTTPException(r.status_code, "createSession failed")
-    sess_name = r.json()["session"]["name"]
-    logger.info(f"[SESSION] [{account_manager.config.account_id}] {req_tag}创建成功: {sess_name[-12:]}")
-    return sess_name
-
-async def upload_context_file(session_name: str, mime_type: str, base64_content: str, account_manager: AccountManager, request_id: str = "") -> str:
-    """上传文件到指定 Session，返回 fileId"""
-    jwt = await account_manager.get_jwt(request_id)
-    headers = get_common_headers(jwt)
-
-    # 生成随机文件名
-    ext = mime_type.split('/')[-1] if '/' in mime_type else "bin"
-    file_name = f"upload_{int(time.time())}_{uuid.uuid4().hex[:6]}.{ext}"
-
-    body = {
-        "configId": account_manager.config.config_id,
-        "additionalParams": {"token": "-"},
-        "addContextFileRequest": {
-            "name": session_name,
-            "fileName": file_name,
-            "mimeType": mime_type,
-            "fileContents": base64_content
-        }
-    }
-
-    r = await http_client.post(
-        "https://biz-discoveryengine.googleapis.com/v1alpha/locations/global/widgetAddContextFile",
-        headers=headers,
-        json=body,
-    )
-
-    req_tag = f"[req_{request_id}] " if request_id else ""
-    if r.status_code != 200:
-        logger.error(f"[FILE] [{account_manager.config.account_id}] {req_tag}文件上传失败: {r.status_code}")
-        raise HTTPException(r.status_code, f"Upload failed: {r.text}")
-
-    data = r.json()
-    file_id = data.get("addContextFileResponse", {}).get("fileId")
-    logger.info(f"[FILE] [{account_manager.config.account_id}] {req_tag}文件上传成功: {mime_type}")
-    return file_id
+# (Google API函数已移至 core/google_api.py)
 
 # ---------- 消息处理逻辑 ----------
-def get_conversation_key(messages: List[dict]) -> str:
-    """
-    生成对话指纹（使用前3条消息，平衡唯一性和Session复用）
-
-    策略：
-    1. 使用前3条消息生成指纹（而非仅第1条）
-    2. 大幅降低不同用户共享Session的概率
-    3. 保持Session复用能力（后续消息仍能找到同一Session）
-    """
-    if not messages:
-        return "empty"
-
-    # 提取前3条消息的关键信息（角色+内容）
-    message_fingerprints = []
-    for msg in messages[:3]:  # 只取前3条
-        role = msg.get("role", "")
-        content = msg.get("content", "")
-
-        # 统一处理内容格式（字符串或数组）
-        if isinstance(content, list):
-            # 多模态消息：只提取文本部分
-            text = "".join([x.get("text", "") for x in content if x.get("type") == "text"])
-        else:
-            text = str(content)
-
-        # 标准化：去除首尾空白，转小写
-        text = text.strip().lower()
-
-        # 组合角色和内容
-        message_fingerprints.append(f"{role}:{text}")
-
-    # 使用前3条消息生成指纹
-    conversation_prefix = "|".join(message_fingerprints)
-    return hashlib.md5(conversation_prefix.encode()).hexdigest()
-
-async def parse_last_message(messages: List['Message'], request_id: str = ""):
-    """解析最后一条消息，分离文本和文件（支持图片、PDF、文档等，base64 和 URL）"""
-    if not messages:
-        return "", []
-
-    last_msg = messages[-1]
-    content = last_msg.content
-
-    text_content = ""
-    images = [] # List of {"mime": str, "data": str_base64} - 兼容变量名，实际支持所有文件
-    image_urls = []  # 需要下载的 URL - 兼容变量名，实际支持所有文件
-
-    if isinstance(content, str):
-        text_content = content
-    elif isinstance(content, list):
-        for part in content:
-            if part.get("type") == "text":
-                text_content += part.get("text", "")
-            elif part.get("type") == "image_url":
-                url = part.get("image_url", {}).get("url", "")
-                # 解析 Data URI: data:mime/type;base64,xxxxxx (支持所有 MIME 类型)
-                match = re.match(r"data:([^;]+);base64,(.+)", url)
-                if match:
-                    images.append({"mime": match.group(1), "data": match.group(2)})
-                elif url.startswith(("http://", "https://")):
-                    image_urls.append(url)
-                else:
-                    logger.warning(f"[FILE] [req_{request_id}] 不支持的文件格式: {url[:30]}...")
-
-    # 并行下载所有 URL 文件（支持图片、PDF、文档等）
-    if image_urls:
-        async def download_url(url: str):
-            try:
-                resp = await http_client.get(url, timeout=30, follow_redirects=True)
-                resp.raise_for_status()
-                content_type = resp.headers.get("content-type", "application/octet-stream").split(";")[0]
-                # 移除图片类型限制，支持所有文件类型
-                b64 = base64.b64encode(resp.content).decode()
-                logger.info(f"[FILE] [req_{request_id}] URL文件下载成功: {url[:50]}... ({len(resp.content)} bytes, {content_type})")
-                return {"mime": content_type, "data": b64}
-            except Exception as e:
-                logger.warning(f"[FILE] [req_{request_id}] URL文件下载失败: {url[:50]}... - {e}")
-                return None
-
-        results = await asyncio.gather(*[download_url(u) for u in image_urls])
-        images.extend([r for r in results if r])
-
-    return text_content, images
-
-def build_full_context_text(messages: List['Message']) -> str:
-    """仅拼接历史文本，图片只处理当次请求的"""
-    prompt = ""
-    for msg in messages:
-        role = "User" if msg.role in ["user", "system"] else "Assistant"
-        content_str = ""
-        if isinstance(msg.content, str):
-            content_str = msg.content
-        elif isinstance(msg.content, list):
-            for part in msg.content:
-                if part.get("type") == "text":
-                    content_str += part.get("text", "")
-                elif part.get("type") == "image_url":
-                    content_str += "[图片]"
-        
-        prompt += f"{role}: {content_str}\n\n"
-    return prompt
+# (消息处理函数已移至 core/message.py)
 
 # ---------- OpenAI 兼容接口 ----------
 app = FastAPI(title="Gemini-Business OpenAI Gateway")
 
+# ---------- Session 中间件配置 ----------
+from starlette.middleware.sessions import SessionMiddleware
+app.add_middleware(
+    SessionMiddleware,
+    secret_key=SESSION_SECRET_KEY,
+    max_age=SESSION_EXPIRE_HOURS * 3600,  # 转换为秒
+    same_site="lax",
+    https_only=False  # 本地开发可设为False，生产环境建议True
+)
+
 # ---------- Uptime 追踪中间件 ----------
 @app.middleware("http")
 async def track_uptime_middleware(request: Request, call_next):
@@ -887,9 +285,9 @@ async def track_uptime_middleware(request: Request, call_next):
 os.makedirs(IMAGE_DIR, exist_ok=True)
 app.mount("/images", StaticFiles(directory=IMAGE_DIR), name="images")
 if IMAGE_DIR == "/data/images":
-    logger.info(f"[SYSTEM] 图片静态服务已启用: /images/ -> {IMAGE_DIR} (持久化存储)")
+    logger.info(f"[SYSTEM] 图片静态服务已启用: /images/ -> {IMAGE_DIR} (HF Pro持久化)")
 else:
-    logger.info(f"[SYSTEM] 图片静态服务已启用: /images/ -> {IMAGE_DIR} (临时存储，重启会丢失)")
+    logger.info(f"[SYSTEM] 图片静态服务已启用: /images/ -> {IMAGE_DIR} (本地持久化)")
 
 # ---------- 后台任务启动 ----------
 @app.on_event("startup")
@@ -1145,99 +543,106 @@ def create_chunk(id: str, created: int, model: str, delta: dict, finish_reason:
     }
     return json.dumps(chunk)
 
-# ---------- API Key 验证 ----------
-def verify_api_key(authorization: str = None):
-    """验证 API Key（如果配置了 API_KEY）"""
-    # 如果未配置 API_KEY，则跳过验证
-    if API_KEY is None:
-        return True
-
-    # 检查 Authorization header
-    if not authorization:
-        raise HTTPException(
-            status_code=401,
-            detail="Missing Authorization header"
-        )
-
-    # 支持两种格式：
-    # 1. Bearer YOUR_API_KEY
-    # 2. YOUR_API_KEY
-    token = authorization
-    if authorization.startswith("Bearer "):
-        token = authorization[7:]
-
-    if token != API_KEY:
-        logger.warning(f"[AUTH] API Key 验证失败")
-        raise HTTPException(
-            status_code=401,
-            detail="Invalid API Key"
-        )
-
-    return True
-
 @app.get("/")
 async def home(request: Request):
-    """首页 - 默认显示管理面板（可通过环境变量隐藏）"""
-    # 检查是否隐藏首页
-    if HIDE_HOME_PAGE:
+    """首页 - 根据PATH_PREFIX配置决定行为"""
+    if PATH_PREFIX:
+        # 如果设置了PATH_PREFIX（隐藏模式），首页返回404，不暴露任何信息
         raise HTTPException(404, "Not Found")
-
-    # 显示管理页面（带隐藏提示）
-    html_content = templates.generate_admin_html(request, multi_account_mgr, show_hide_tip=True)
-    return HTMLResponse(content=html_content)
-
-@app.get("/{path_prefix}/admin")
-@require_path_and_admin(PATH_PREFIX, ADMIN_KEY)
-async def admin_home(path_prefix: str, request: Request, key: str = None, authorization: str = Header(None)):
-    """管理首页 - 显示API信息和错误提醒"""
-    # 显示管理页面（不显示隐藏提示）
+    else:
+        # 未设置PATH_PREFIX（公开模式），根据登录状态重定向
+        if is_logged_in(request):
+            return RedirectResponse(url="/admin", status_code=302)
+        else:
+            return RedirectResponse(url="/admin/login", status_code=302)
+
+# ---------- 登录/登出端点（支持可选PATH_PREFIX） ----------
+
+# 不带PATH_PREFIX的登录端点
+@app.get("/admin/login")
+async def admin_login_get(request: Request, error: str = None):
+    """登录页面"""
+    return await templates.get_login_html(request, error)
+
+@app.post("/admin/login")
+async def admin_login_post(request: Request, admin_key: str = Form(...)):
+    """处理登录表单提交"""
+    if admin_key == ADMIN_KEY:
+        login_user(request)
+        logger.info(f"[AUTH] 管理员登录成功")
+        return RedirectResponse(url="/admin", status_code=302)
+    else:
+        logger.warning(f"[AUTH] 登录失败 - 密钥错误")
+        return await templates.get_login_html(request, error="密钥错误，请重试")
+
+@app.post("/admin/logout")
+@require_login(redirect_to_login=False)
+async def admin_logout(request: Request):
+    """登出"""
+    logout_user(request)
+    logger.info(f"[AUTH] 管理员已登出")
+    return RedirectResponse(url="/admin/login", status_code=302)
+
+# 带PATH_PREFIX的登录端点（如果配置了PATH_PREFIX）
+if PATH_PREFIX:
+    @app.get(f"/{PATH_PREFIX}/login")
+    async def admin_login_get_prefixed(request: Request, error: str = None):
+        """登录页面（带前缀）"""
+        return await templates.get_login_html(request, error)
+
+    @app.post(f"/{PATH_PREFIX}/login")
+    async def admin_login_post_prefixed(request: Request, admin_key: str = Form(...)):
+        """处理登录表单提交（带前缀）"""
+        if admin_key == ADMIN_KEY:
+            login_user(request)
+            logger.info(f"[AUTH] 管理员登录成功")
+            return RedirectResponse(url=f"/{PATH_PREFIX}", status_code=302)
+        else:
+            logger.warning(f"[AUTH] 登录失败 - 密钥错误")
+            return await templates.get_login_html(request, error="密钥错误，请重试")
+
+    @app.post(f"/{PATH_PREFIX}/logout")
+    @require_login(redirect_to_login=False)
+    async def admin_logout_prefixed(request: Request):
+        """登出（带前缀）"""
+        logout_user(request)
+        logger.info(f"[AUTH] 管理员已登出")
+        return RedirectResponse(url=f"/{PATH_PREFIX}/login", status_code=302)
+
+# ---------- 管理端点（需要登录） ----------
+
+# 不带PATH_PREFIX的管理端点
+@app.get("/admin")
+@require_login()
+async def admin_home_no_prefix(request: Request):
+    """管理首页"""
     html_content = templates.generate_admin_html(request, multi_account_mgr, show_hide_tip=False)
     return HTMLResponse(content=html_content)
 
-@app.get("/{path_prefix}/v1/models")
-@require_path_prefix(PATH_PREFIX)
-async def list_models(path_prefix: str, authorization: str = Header(None)):
-    # 验证 API Key
-    verify_api_key(authorization)
+# 带PATH_PREFIX的管理端点（如果配置了PATH_PREFIX）
+if PATH_PREFIX:
+    @app.get(f"/{PATH_PREFIX}")
+    @require_login()
+    async def admin_home_prefixed(request: Request):
+        """管理首页（带前缀）"""
+        return await admin_home_no_prefix(request=request)
 
-    data = []
-    now = int(time.time())
-    for m in MODEL_MAPPING.keys():
-        data.append({
-            "id": m,
-            "object": "model",
-            "created": now,
-            "owned_by": "google",
-            "permission": []
-        })
-    return {"object": "list", "data": data}
-
-@app.get("/{path_prefix}/v1/models/{model_id}")
-@require_path_prefix(PATH_PREFIX)
-async def get_model(path_prefix: str, model_id: str, authorization: str = Header(None)):
-    # 验证 API Key
-    verify_api_key(authorization)
-
-    return {"id": model_id, "object": "model"}
+# ---------- 管理API端点（需要登录） ----------
 
-@app.get("/{path_prefix}/admin/health")
-@require_path_and_admin(PATH_PREFIX, ADMIN_KEY)
-async def admin_health(path_prefix: str, key: str = None, authorization: str = Header(None)):
+@app.get("/admin/health")
+@require_login()
+async def admin_health(request: Request):
     return {"status": "ok", "time": datetime.utcnow().isoformat()}
 
-@app.get("/{path_prefix}/admin/accounts")
-@require_path_and_admin(PATH_PREFIX, ADMIN_KEY)
-async def admin_get_accounts(path_prefix: str, key: str = None, authorization: str = Header(None)):
+@app.get("/admin/accounts")
+@require_login()
+async def admin_get_accounts(request: Request):
     """获取所有账户的状态信息"""
     accounts_info = []
     for account_id, account_manager in multi_account_mgr.accounts.items():
         config = account_manager.config
         remaining_hours = config.get_remaining_hours()
-
-        # 使用统一的格式化函数
         status, status_color, remaining_display = format_account_expiration(remaining_hours)
-
-        # 使用AccountManager的方法获取冷却信息
         cooldown_seconds, cooldown_reason = account_manager.get_cooldown_info()
 
         accounts_info.append({
@@ -1248,20 +653,17 @@ async def admin_get_accounts(path_prefix: str, key: str = None, authorization: s
             "remaining_display": remaining_display,
             "is_available": account_manager.is_available,
             "error_count": account_manager.error_count,
-            "disabled": config.disabled,  # 添加手动禁用状态
-            "cooldown_seconds": cooldown_seconds,  # 冷却剩余秒数
-            "cooldown_reason": cooldown_reason,  # 冷却原因
-            "conversation_count": account_manager.conversation_count  # 累计对话次数
+            "disabled": config.disabled,
+            "cooldown_seconds": cooldown_seconds,
+            "cooldown_reason": cooldown_reason,
+            "conversation_count": account_manager.conversation_count
         })
 
-    return {
-        "total": len(accounts_info),
-        "accounts": accounts_info
-    }
+    return {"total": len(accounts_info), "accounts": accounts_info}
 
-@app.get("/{path_prefix}/admin/accounts-config")
-@require_path_and_admin(PATH_PREFIX, ADMIN_KEY)
-async def admin_get_config(path_prefix: str, key: str = None, authorization: str = Header(None)):
+@app.get("/admin/accounts-config")
+@require_login()
+async def admin_get_config(request: Request):
     """获取完整账户配置"""
     try:
         accounts_data = load_accounts_from_source()
@@ -1270,181 +672,259 @@ async def admin_get_config(path_prefix: str, key: str = None, authorization: str
         logger.error(f"[CONFIG] 获取配置失败: {str(e)}")
         raise HTTPException(500, f"获取失败: {str(e)}")
 
-@app.put("/{path_prefix}/admin/accounts-config")
-@require_path_and_admin(PATH_PREFIX, ADMIN_KEY)
-async def admin_update_config(path_prefix: str, accounts_data: list = Body(...), key: str = None, authorization: str = Header(None)):
+@app.put("/admin/accounts-config")
+@require_login()
+async def admin_update_config(request: Request, accounts_data: list = Body(...)):
     """更新整个账户配置"""
+    global multi_account_mgr
     try:
-        update_accounts_config(accounts_data)
+        multi_account_mgr = _update_accounts_config(
+            accounts_data, multi_account_mgr, http_client, USER_AGENT,
+            ACCOUNT_FAILURE_THRESHOLD, RATE_LIMIT_COOLDOWN_SECONDS,
+            SESSION_CACHE_TTL_SECONDS, global_stats
+        )
         return {"status": "success", "message": "配置已更新", "account_count": len(multi_account_mgr.accounts)}
     except Exception as e:
         logger.error(f"[CONFIG] 更新配置失败: {str(e)}")
         raise HTTPException(500, f"更新失败: {str(e)}")
 
-@app.delete("/{path_prefix}/admin/accounts/{account_id}")
-@require_path_and_admin(PATH_PREFIX, ADMIN_KEY)
-async def admin_delete_account(path_prefix: str, account_id: str, key: str = None, authorization: str = Header(None)):
+@app.delete("/admin/accounts/{account_id}")
+@require_login()
+async def admin_delete_account(request: Request, account_id: str):
     """删除单个账户"""
+    global multi_account_mgr
     try:
-        delete_account(account_id)
+        multi_account_mgr = _delete_account(
+            account_id, multi_account_mgr, http_client, USER_AGENT,
+            ACCOUNT_FAILURE_THRESHOLD, RATE_LIMIT_COOLDOWN_SECONDS,
+            SESSION_CACHE_TTL_SECONDS, global_stats
+        )
         return {"status": "success", "message": f"账户 {account_id} 已删除", "account_count": len(multi_account_mgr.accounts)}
     except Exception as e:
         logger.error(f"[CONFIG] 删除账户失败: {str(e)}")
         raise HTTPException(500, f"删除失败: {str(e)}")
 
-@app.put("/{path_prefix}/admin/accounts/{account_id}/disable")
-@require_path_and_admin(PATH_PREFIX, ADMIN_KEY)
-async def admin_disable_account(path_prefix: str, account_id: str, key: str = None, authorization: str = Header(None)):
+@app.put("/admin/accounts/{account_id}/disable")
+@require_login()
+async def admin_disable_account(request: Request, account_id: str):
     """手动禁用账户"""
+    global multi_account_mgr
     try:
-        update_account_disabled_status(account_id, True)
+        multi_account_mgr = _update_account_disabled_status(
+            account_id, True, multi_account_mgr, http_client, USER_AGENT,
+            ACCOUNT_FAILURE_THRESHOLD, RATE_LIMIT_COOLDOWN_SECONDS,
+            SESSION_CACHE_TTL_SECONDS, global_stats
+        )
         return {"status": "success", "message": f"账户 {account_id} 已禁用", "account_count": len(multi_account_mgr.accounts)}
     except Exception as e:
         logger.error(f"[CONFIG] 禁用账户失败: {str(e)}")
         raise HTTPException(500, f"禁用失败: {str(e)}")
 
-@app.put("/{path_prefix}/admin/accounts/{account_id}/enable")
-@require_path_and_admin(PATH_PREFIX, ADMIN_KEY)
-async def admin_enable_account(path_prefix: str, account_id: str, key: str = None, authorization: str = Header(None)):
+@app.put("/admin/accounts/{account_id}/enable")
+@require_login()
+async def admin_enable_account(request: Request, account_id: str):
     """启用账户"""
+    global multi_account_mgr
     try:
-        update_account_disabled_status(account_id, False)
+        multi_account_mgr = _update_account_disabled_status(
+            account_id, False, multi_account_mgr, http_client, USER_AGENT,
+            ACCOUNT_FAILURE_THRESHOLD, RATE_LIMIT_COOLDOWN_SECONDS,
+            SESSION_CACHE_TTL_SECONDS, global_stats
+        )
         return {"status": "success", "message": f"账户 {account_id} 已启用", "account_count": len(multi_account_mgr.accounts)}
     except Exception as e:
         logger.error(f"[CONFIG] 启用账户失败: {str(e)}")
         raise HTTPException(500, f"启用失败: {str(e)}")
 
-@app.get("/{path_prefix}/admin/log")
-@require_path_and_admin(PATH_PREFIX, ADMIN_KEY)
+@app.get("/admin/log")
+@require_login()
 async def admin_get_logs(
-    path_prefix: str,
+    request: Request,
     limit: int = 1500,
-    key: str = None,
-    authorization: str = Header(None),
     level: str = None,
     search: str = None,
     start_time: str = None,
     end_time: str = None
 ):
-    """
-    获取系统日志（包含统计信息）
-
-    参数:
-    - limit: 返回最近 N 条日志 (默认 1500, 最大 3000)
-    - level: 过滤日志级别 (INFO, WARNING, ERROR, DEBUG)
-    - search: 搜索关键词（在消息中搜索）
-    - start_time: 开始时间 (格式: 2025-12-17 10:00:00)
-    - end_time: 结束时间 (格式: 2025-12-17 11:00:00)
-    """
     with log_lock:
         logs = list(log_buffer)
 
-    # 计算统计信息（在过滤前）
     stats_by_level = {}
     error_logs = []
     chat_count = 0
     for log in logs:
         level_name = log.get("level", "INFO")
         stats_by_level[level_name] = stats_by_level.get(level_name, 0) + 1
-
-        # 收集错误日志
         if level_name in ["ERROR", "CRITICAL"]:
             error_logs.append(log)
-
-        # 统计对话次数（匹配包含"收到请求"的日志）
         if "收到请求" in log.get("message", ""):
             chat_count += 1
 
-    # 按级别过滤
     if level:
         level = level.upper()
         logs = [log for log in logs if log["level"] == level]
-
-    # 按关键词搜索
     if search:
         logs = [log for log in logs if search.lower() in log["message"].lower()]
-
-    # 按时间范围过滤
     if start_time:
         logs = [log for log in logs if log["time"] >= start_time]
     if end_time:
         logs = [log for log in logs if log["time"] <= end_time]
 
-    # 限制数量（返回最近的）
     limit = min(limit, 3000)
     filtered_logs = logs[-limit:]
 
     return {
         "total": len(filtered_logs),
         "limit": limit,
-        "filters": {
-            "level": level,
-            "search": search,
-            "start_time": start_time,
-            "end_time": end_time
-        },
+        "filters": {"level": level, "search": search, "start_time": start_time, "end_time": end_time},
         "logs": filtered_logs,
         "stats": {
-            "memory": {
-                "total": len(log_buffer),
-                "by_level": stats_by_level,
-                "capacity": log_buffer.maxlen
-            },
-            "errors": {
-                "count": len(error_logs),
-                "recent": error_logs[-10:]  # 最近10条错误
-            },
+            "memory": {"total": len(log_buffer), "by_level": stats_by_level, "capacity": log_buffer.maxlen},
+            "errors": {"count": len(error_logs), "recent": error_logs[-10:]},
             "chat_count": chat_count
         }
     }
 
-@app.delete("/{path_prefix}/admin/log")
-@require_path_and_admin(PATH_PREFIX, ADMIN_KEY)
-async def admin_clear_logs(path_prefix: str, confirm: str = None, key: str = None, authorization: str = Header(None)):
-    """
-    清空所有日志（内存缓冲 + 文件）
-
-    参数:
-    - confirm: 必须传入 "yes" 才能清空
-    """
+@app.delete("/admin/log")
+@require_login()
+async def admin_clear_logs(request: Request, confirm: str = None):
     if confirm != "yes":
-        raise HTTPException(
-            status_code=400,
-            detail="需要 confirm=yes 参数确认清空操作"
-        )
-
-    # 清空内存缓冲
+        raise HTTPException(400, "需要 confirm=yes 参数确认清空操作")
     with log_lock:
         cleared_count = len(log_buffer)
         log_buffer.clear()
-
     logger.info("[LOG] 日志已清空")
+    return {"status": "success", "message": "已清空内存日志", "cleared_count": cleared_count}
 
-    return {
-        "status": "success",
-        "message": "已清空内存日志",
-        "cleared_count": cleared_count
-    }
-
-@app.get("/{path_prefix}/admin/log/html")
-async def admin_logs_html_route(path_prefix: str, key: str = None, authorization: str = Header(None)):
+@app.get("/admin/log/html")
+@require_login()
+async def admin_logs_html_route(request: Request):
     """返回美化的 HTML 日志查看界面"""
-    return await templates.admin_logs_html(path_prefix, key, authorization)
+    return await templates.admin_logs_html_no_auth(request)
+
+# 带PATH_PREFIX的管理API端点（如果配置了PATH_PREFIX）
+if PATH_PREFIX:
+    @app.get(f"/{PATH_PREFIX}/health")
+    @require_login()
+    async def admin_health_prefixed(request: Request):
+        return await admin_health(request=request)
+
+    @app.get(f"/{PATH_PREFIX}/accounts")
+    @require_login()
+    async def admin_get_accounts_prefixed(request: Request):
+        return await admin_get_accounts(request=request)
+
+    @app.get(f"/{PATH_PREFIX}/accounts-config")
+    @require_login()
+    async def admin_get_config_prefixed(request: Request):
+        return await admin_get_config(request=request)
+
+    @app.put(f"/{PATH_PREFIX}/accounts-config")
+    @require_login()
+    async def admin_update_config_prefixed(request: Request, accounts_data: list = Body(...)):
+        return await admin_update_config(request=request, accounts_data=accounts_data)
+
+    @app.delete(f"/{PATH_PREFIX}/accounts/{{account_id}}")
+    @require_login()
+    async def admin_delete_account_prefixed(request: Request, account_id: str):
+        return await admin_delete_account(request=request, account_id=account_id)
+
+    @app.put(f"/{PATH_PREFIX}/accounts/{{account_id}}/disable")
+    @require_login()
+    async def admin_disable_account_prefixed(request: Request, account_id: str):
+        return await admin_disable_account(request=request, account_id=account_id)
+
+    @app.put(f"/{PATH_PREFIX}/accounts/{{account_id}}/enable")
+    @require_login()
+    async def admin_enable_account_prefixed(request: Request, account_id: str):
+        return await admin_enable_account(request=request, account_id=account_id)
+
+    @app.get(f"/{PATH_PREFIX}/log")
+    @require_login()
+    async def admin_get_logs_prefixed(
+        request: Request,
+        limit: int = 1500,
+        level: str = None,
+        search: str = None,
+        start_time: str = None,
+        end_time: str = None
+    ):
+        return await admin_get_logs(request=request, limit=limit, level=level, search=search, start_time=start_time, end_time=end_time)
+
+    @app.delete(f"/{PATH_PREFIX}/log")
+    @require_login()
+    async def admin_clear_logs_prefixed(request: Request, confirm: str = None):
+        return await admin_clear_logs(request=request, confirm=confirm)
+
+    @app.get(f"/{PATH_PREFIX}/log/html")
+    @require_login()
+    async def admin_logs_html_route_prefixed(request: Request):
+        return await admin_logs_html_route(request=request)
+
+# ---------- API端点（API Key认证） ----------
+
+@app.get("/v1/models")
+async def list_models(authorization: str = Header(None)):
+    verify_api_key(API_KEY, authorization)
+    data = []
+    now = int(time.time())
+    for m in MODEL_MAPPING.keys():
+        data.append({"id": m, "object": "model", "created": now, "owned_by": "google", "permission": []})
+    return {"object": "list", "data": data}
 
-@app.post("/{path_prefix}/v1/chat/completions")
-@require_path_prefix(PATH_PREFIX)
+@app.get("/v1/models/{model_id}")
+async def get_model(model_id: str, authorization: str = Header(None)):
+    verify_api_key(API_KEY, authorization)
+    return {"id": model_id, "object": "model"}
+
+# 带PATH_PREFIX的API端点（如果配置了PATH_PREFIX）
+if PATH_PREFIX:
+    @app.get(f"/{PATH_PREFIX}/v1/models")
+    async def list_models_prefixed(authorization: str = Header(None)):
+        return await list_models(authorization)
+
+    @app.get(f"/{PATH_PREFIX}/v1/models/{{model_id}}")
+    async def get_model_prefixed(model_id: str, authorization: str = Header(None)):
+        return await get_model(model_id, authorization)
+
+# ---------- 聊天API端点 ----------
+
+@app.post("/v1/chat/completions")
 async def chat(
-    path_prefix: str,
     req: ChatRequest,
     request: Request,
     authorization: Optional[str] = Header(None)
 ):
-    # 1. API Key 验证
-    verify_api_key(authorization)
-
-    # 1. 生成请求ID（最优先，用于所有日志追踪）
+    # API Key 验证
+    verify_api_key(API_KEY, authorization)
+    # ... (保留原有的chat逻辑)
+    return await chat_impl(req, request, authorization)
+
+if PATH_PREFIX:
+    @app.post(f"/{PATH_PREFIX}/v1/chat/completions")
+    async def chat_prefixed(
+        req: ChatRequest,
+        request: Request,
+        authorization: Optional[str] = Header(None)
+    ):
+        return await chat(req, request, authorization)
+
+# chat实现函数
+async def chat_impl(
+    req: ChatRequest,
+    request: Request,
+    authorization: Optional[str]
+):
+    # 生成请求ID（最优先，用于所有日志追踪）
     request_id = str(uuid.uuid4())[:6]
 
+    # 获取客户端IP（用于会话隔离）
+    client_ip = request.headers.get("x-forwarded-for")
+    if client_ip:
+        client_ip = client_ip.split(",")[0].strip()
+    else:
+        client_ip = request.client.host if request.client else "unknown"
+
     # 记录请求统计
     async with stats_lock:
         global_stats["total_requests"] += 1
@@ -1463,7 +943,7 @@ async def chat(
     request.state.model = req.model
 
     # 3. 生成会话指纹，获取Session锁（防止同一对话的并发请求冲突）
-    conv_key = get_conversation_key([m.dict() for m in req.messages])
+    conv_key = get_conversation_key([m.dict() for m in req.messages], client_ip)
     session_lock = await multi_account_mgr.acquire_session_lock(conv_key)
 
     # 4. 在锁的保护下检查缓存和处理Session（保证同一对话的请求串行化）
@@ -1485,7 +965,7 @@ async def chat(
             for attempt in range(max_account_tries):
                 try:
                     account_manager = await multi_account_mgr.get_account(None, request_id)
-                    google_session = await create_google_session(account_manager, request_id)
+                    google_session = await create_google_session(account_manager, http_client, USER_AGENT, request_id)
                     # 线程安全地绑定账户到此对话
                     await multi_account_mgr.set_session_cache(
                         conv_key,
@@ -1531,7 +1011,7 @@ async def chat(
     logger.info(f"[CHAT] [{account_manager.config.account_id}] [req_{request_id}] 用户消息: {preview}")
 
     # 3. 解析请求内容
-    last_text, current_images = await parse_last_message(req.messages, request_id)
+    last_text, current_images = await parse_last_message(req.messages, http_client, request_id)
 
     # 4. 准备文本内容
     if is_new_conversation:
@@ -1571,7 +1051,7 @@ async def chat(
                 cached = multi_account_mgr.global_session_cache.get(conv_key)
                 if not cached:
                     logger.warning(f"[CHAT] [{account_manager.config.account_id}] [req_{request_id}] 缓存已清理，重建Session")
-                    new_sess = await create_google_session(account_manager, request_id)
+                    new_sess = await create_google_session(account_manager, http_client, USER_AGENT, request_id)
                     await multi_account_mgr.set_session_cache(
                         conv_key,
                         account_manager.config.account_id,
@@ -1587,7 +1067,7 @@ async def chat(
                 # 注意：每次重试如果是新 Session，都需要重新上传图片
                 if current_images and not current_file_ids:
                     for img in current_images:
-                        fid = await upload_context_file(current_session, img["mime"], img["data"], account_manager, request_id)
+                        fid = await upload_context_file(current_session, img["mime"], img["data"], account_manager, http_client, USER_AGENT, request_id)
                         current_file_ids.append(fid)
 
                 # B. 准备文本 (重试模式下发全文)
@@ -1687,7 +1167,7 @@ async def chat(
                         logger.info(f"[CHAT] [req_{request_id}] 切换账户: {account_manager.config.account_id} -> {new_account.config.account_id}")
 
                         # 创建新 Session
-                        new_sess = await create_google_session(new_account, request_id)
+                        new_sess = await create_google_session(new_account, http_client, USER_AGENT, request_id)
 
                         # 更新缓存绑定到新账户
                         await multi_account_mgr.set_session_cache(
@@ -1794,131 +1274,6 @@ def parse_images_from_response(data_list: list) -> tuple[list, str]:
     return file_ids, session_name
 
 
-async def get_session_file_metadata(account_mgr: AccountManager, session_name: str, request_id: str = "") -> dict:
-    """获取session中的文件元数据，包括正确的session路径"""
-    jwt = await account_mgr.get_jwt(request_id)
-    headers = get_common_headers(jwt)
-    body = {
-        "configId": account_mgr.config.config_id,
-        "additionalParams": {"token": "-"},
-        "listSessionFileMetadataRequest": {
-            "name": session_name,
-            "filter": "file_origin_type = AI_GENERATED"
-        }
-    }
-
-    resp = await http_client.post(
-        "https://biz-discoveryengine.googleapis.com/v1alpha/locations/global/widgetListSessionFileMetadata",
-        headers=headers,
-        json=body
-    )
-
-    if resp.status_code == 401:
-        # JWT过期，刷新后重试
-        jwt = await account_mgr.get_jwt(request_id)
-        headers = get_common_headers(jwt)
-        resp = await http_client.post(
-            "https://biz-discoveryengine.googleapis.com/v1alpha/locations/global/widgetListSessionFileMetadata",
-            headers=headers,
-            json=body
-        )
-
-    if resp.status_code != 200:
-        logger.warning(f"[IMAGE] [{account_mgr.config.account_id}] [req_{request_id}] 获取文件元数据失败: {resp.status_code}")
-        return {}
-
-    data = resp.json()
-    result = {}
-    file_metadata_list = data.get("listSessionFileMetadataResponse", {}).get("fileMetadata", [])
-    for fm in file_metadata_list:
-        fid = fm.get("fileId")
-        if fid:
-            result[fid] = fm
-
-    return result
-
-
-def build_image_download_url(session_name: str, file_id: str) -> str:
-    """构造图片下载URL"""
-    return f"https://biz-discoveryengine.googleapis.com/v1alpha/{session_name}:downloadFile?fileId={file_id}&alt=media"
-
-
-async def download_image_with_jwt(account_mgr: AccountManager, session_name: str, file_id: str, request_id: str = "", max_retries: int = 3) -> bytes:
-    """
-    使用JWT认证下载图片（带超时和重试机制）
-
-    Args:
-        account_mgr: 账户管理器
-        session_name: Session名称
-        file_id: 文件ID
-        request_id: 请求ID
-        max_retries: 最大重试次数（默认3次）
-
-    Returns:
-        图片字节数据
-
-    Raises:
-        HTTPException: 下载失败
-        asyncio.TimeoutError: 超时
-    """
-    url = build_image_download_url(session_name, file_id)
-    logger.info(f"[IMAGE] [{account_mgr.config.account_id}] [req_{request_id}] 开始下载图片: {file_id[:8]}...")
-
-    for attempt in range(max_retries):
-        try:
-            # 3分钟超时（180秒）
-            async with asyncio.timeout(180):
-                jwt = await account_mgr.get_jwt(request_id)
-                headers = get_common_headers(jwt)
-
-                # 复用全局http_client
-                resp = await http_client.get(url, headers=headers, follow_redirects=True)
-
-                if resp.status_code == 401:
-                    # JWT过期，刷新后重试
-                    jwt = await account_mgr.get_jwt(request_id)
-                    headers = get_common_headers(jwt)
-                    resp = await http_client.get(url, headers=headers, follow_redirects=True)
-
-                resp.raise_for_status()
-                logger.info(f"[IMAGE] [{account_mgr.config.account_id}] [req_{request_id}] 图片下载成功: {file_id[:8]}... ({len(resp.content)} bytes)")
-                return resp.content
-
-        except asyncio.TimeoutError:
-            logger.warning(f"[IMAGE] [{account_mgr.config.account_id}] [req_{request_id}] 图片下载超时 (尝试 {attempt + 1}/{max_retries}): {file_id[:8]}...")
-            if attempt == max_retries - 1:
-                raise HTTPException(504, f"Image download timeout after {max_retries} attempts")
-            await asyncio.sleep(2 ** attempt)  # 指数退避：2s, 4s, 8s
-
-        except httpx.HTTPError as e:
-            logger.warning(f"[IMAGE] [{account_mgr.config.account_id}] [req_{request_id}] 图片下载失败 (尝试 {attempt + 1}/{max_retries}): {type(e).__name__}")
-            if attempt == max_retries - 1:
-                raise HTTPException(500, f"Image download failed: {str(e)[:100]}")
-            await asyncio.sleep(2 ** attempt)  # 指数退避
-
-        except Exception as e:
-            logger.error(f"[IMAGE] [{account_mgr.config.account_id}] [req_{request_id}] 图片下载异常: {type(e).__name__}: {str(e)[:100]}")
-            raise
-
-    # 不应该到达这里
-    raise HTTPException(500, "Image download failed unexpectedly")
-
-
-
-def save_image_to_hf(image_data: bytes, chat_id: str, file_id: str, mime_type: str, base_url: str) -> str:
-    """保存图片到持久化存储,返回完整的公开URL"""
-    ext_map = {"image/png": ".png", "image/jpeg": ".jpg", "image/gif": ".gif", "image/webp": ".webp"}
-    ext = ext_map.get(mime_type, ".png")
-
-    filename = f"{chat_id}_{file_id}{ext}"
-    save_path = os.path.join(IMAGE_DIR, filename)
-
-    # 目录已在启动时创建(Line 635),无需重复创建
-    with open(save_path, "wb") as f:
-        f.write(image_data)
-
-    return f"{base_url}/images/{filename}"
-
 async def stream_chat_generator(session: str, text_content: str, file_ids: List[str], model_name: str, chat_id: str, created_time: int, account_manager: AccountManager, is_stream: bool = True, request_id: str = "", request: Request = None):
     start_time = time.time()
 
@@ -1929,7 +1284,7 @@ async def stream_chat_generator(session: str, text_content: str, file_ids: List[
         logger.info(f"[API] [{account_manager.config.account_id}] [req_{request_id}] 附带文件: {len(file_ids)}个")
 
     jwt = await account_manager.get_jwt(request_id)
-    headers = get_common_headers(jwt)
+    headers = get_common_headers(jwt, USER_AGENT)
 
     body = {
         "configId": account_manager.config.config_id,
@@ -2006,7 +1361,7 @@ async def stream_chat_generator(session: str, text_content: str, file_ids: List[
 
                     try:
                         base_url = get_base_url(request) if request else ""
-                        file_metadata = await get_session_file_metadata(account_manager, session_name, request_id)
+                        file_metadata = await get_session_file_metadata(account_manager, session_name, http_client, USER_AGENT, request_id)
 
                         # 并行下载所有图片
                         download_tasks = []
@@ -2015,7 +1370,7 @@ async def stream_chat_generator(session: str, text_content: str, file_ids: List[
                             mime = file_info["mimeType"]
                             meta = file_metadata.get(fid, {})
                             correct_session = meta.get("session") or session_name
-                            task = download_image_with_jwt(account_manager, correct_session, fid, request_id)
+                            task = download_image_with_jwt(account_manager, correct_session, fid, http_client, USER_AGENT, request_id)
                             download_tasks.append((fid, mime, task))
 
                         results = await asyncio.gather(*[task for _, _, task in download_tasks], return_exceptions=True)
@@ -2026,7 +1381,7 @@ async def stream_chat_generator(session: str, text_content: str, file_ids: List[
                                 logger.error(f"[IMAGE] [{account_manager.config.account_id}] [req_{request_id}] 图片{idx}下载失败: {type(result).__name__}")
                                 continue
 
-                            image_url = save_image_to_hf(result, chat_id, fid, mime, base_url)
+                            image_url = save_image_to_hf(result, chat_id, fid, mime, base_url, IMAGE_DIR)
                             logger.info(f"[IMAGE] [{account_manager.config.account_id}] [req_{request_id}] 图片{idx}已保存: {image_url}")
 
                             markdown = f"\n\n![生成的图片]({image_url})\n\n"
@@ -2132,8 +1487,10 @@ async def get_public_logs(request: Request, limit: int = 100):
             # 记录新访问（24小时内同一IP只计数一次）
             if client_ip not in global_stats["visitor_ips"]:
                 global_stats["visitor_ips"][client_ip] = current_time
-                global_stats["total_visitors"] = len(global_stats["visitor_ips"])
-                await save_stats(global_stats)
+
+            # 同步访问者计数（清理后的实际数量）
+            global_stats["total_visitors"] = len(global_stats["visitor_ips"])
+            await save_stats(global_stats)
 
         sanitized_logs = get_sanitized_logs(limit=min(limit, 1000))
         return {

requirements.txt

@@ -3,4 +3,6 @@ uvicorn[standard]==0.29.0
 httpx==0.27.0
 pydantic==2.7.0
 aiofiles==24.1.0
-python-dotenv==1.0.1
+python-dotenv==1.0.1
+itsdangerous==2.1.2
+python-multipart==0.0.6