Upload 9 files

internal/handler/account.go

@@ -0,0 +1,774 @@
+package handler
+
+import (
+	"fmt"
+	"log"
+	"net/http"
+	"strconv"
+	"strings"
+	"time"
+
+	"github.com/gin-gonic/gin"
+	"zencoder-2api/internal/database"
+	"zencoder-2api/internal/model"
+	"zencoder-2api/internal/service"
+)
+
+type AccountHandler struct{}
+
+func NewAccountHandler() *AccountHandler {
+	return &AccountHandler{}
+}
+
+func (h *AccountHandler) List(c *gin.Context) {
+	page, _ := strconv.Atoi(c.DefaultQuery("page", "1"))
+	size, _ := strconv.Atoi(c.DefaultQuery("size", "10"))
+	
+	// 兼容旧的 category 参数，优先使用 status
+	status := c.DefaultQuery("status", "")
+	if status == "" {
+		category := c.DefaultQuery("category", "normal")
+		if category == "abnormal" {
+			status = "cooling"
+		} else {
+			status = category
+		}
+	}
+
+	if page < 1 {
+		page = 1
+	}
+	if size < 1 {
+		size = 10
+	}
+
+	var accounts []model.Account
+	var total int64
+
+	query := database.GetDB().Model(&model.Account{})
+	if status != "all" {
+		query = query.Where("status = ?", status)
+	}
+
+	if err := query.Count(&total).Error; err != nil {
+		c.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()})
+		return
+	}
+
+	offset := (page - 1) * size
+	if err := query.Offset(offset).Limit(size).Order("id desc").Find(&accounts).Error; err != nil {
+		c.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()})
+		return
+	}
+	
+	// 调试日志：输出冷却账号的信息
+	if status == "cooling" {
+		for _, acc := range accounts {
+			if !acc.CoolingUntil.IsZero() {
+				log.Printf("[DEBUG] 冷却账号 %s (ID:%d) - CoolingUntil: %s (UTC), 现在: %s (UTC)",
+					acc.Email, acc.ID,
+					acc.CoolingUntil.Format("2006-01-02 15:04:05"),
+					time.Now().UTC().Format("2006-01-02 15:04:05"))
+			}
+		}
+	}
+
+	// Calculate Stats
+	var stats struct {
+		TotalAccounts  int64   `json:"total_accounts"`
+		NormalAccounts int64   `json:"normal_accounts"` // 原 active_accounts
+		BannedAccounts int64   `json:"banned_accounts"`
+		ErrorAccounts  int64   `json:"error_accounts"`
+		CoolingAccounts int64  `json:"cooling_accounts"`
+		DisabledAccounts int64 `json:"disabled_accounts"`
+		TodayUsage     float64 `json:"today_usage"`
+		TotalUsage     float64 `json:"total_usage"`
+	}
+
+	db := database.GetDB()
+
+	db.Model(&model.Account{}).Count(&stats.TotalAccounts)
+	db.Model(&model.Account{}).Where("status = ?", "normal").Count(&stats.NormalAccounts)
+	db.Model(&model.Account{}).Where("status = ?", "banned").Count(&stats.BannedAccounts)
+	db.Model(&model.Account{}).Where("status = ?", "error").Count(&stats.ErrorAccounts)
+	db.Model(&model.Account{}).Where("status = ?", "cooling").Count(&stats.CoolingAccounts)
+	db.Model(&model.Account{}).Where("status = ?", "disabled").Count(&stats.DisabledAccounts)
+
+	db.Model(&model.Account{}).Select("COALESCE(SUM(daily_used), 0)").Scan(&stats.TodayUsage)
+	db.Model(&model.Account{}).Select("COALESCE(SUM(total_used), 0)").Scan(&stats.TotalUsage)
+
+	// 兼容前端旧字段
+	statsMap := map[string]interface{}{
+		"total_accounts":    stats.TotalAccounts,
+		"active_accounts":   stats.NormalAccounts,
+		"banned_accounts":   stats.BannedAccounts,
+		"error_accounts":    stats.ErrorAccounts,
+		"cooling_accounts":  stats.CoolingAccounts,
+		"disabled_accounts": stats.DisabledAccounts,
+		"today_usage":       stats.TodayUsage,
+		"total_usage":       stats.TotalUsage,
+	}
+
+	c.JSON(http.StatusOK, gin.H{
+		"items": accounts,
+		"total": total,
+		"page":  page,
+		"size":  size,
+		"stats": statsMap,
+	})
+}
+
+type BatchCategoryRequest struct {
+	IDs      []uint `json:"ids"`
+	Category string `json:"category"` // 前端可能还传 category
+	Status   string `json:"status"`
+}
+
+func (h *AccountHandler) BatchUpdateCategory(c *gin.Context) {
+	var req BatchCategoryRequest
+	if err := c.ShouldBindJSON(&req); err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
+		return
+	}
+
+	if len(req.IDs) == 0 {
+		c.JSON(http.StatusBadRequest, gin.H{"error": "no ids provided"})
+		return
+	}
+
+	status := req.Status
+	if status == "" {
+		status = req.Category
+	}
+
+	updates := map[string]interface{}{
+		"status": status,
+		// 兼容旧字段
+		"category": status,
+	}
+
+	switch status {
+	case "normal":
+		updates["is_active"] = true
+		updates["is_cooling"] = false
+	case "cooling":
+		updates["is_active"] = true // cooling 也是 active 的一种? 不，cooling 不参与轮询
+		updates["is_cooling"] = true
+	case "disabled":
+		updates["is_active"] = false
+		updates["is_cooling"] = false
+	default: // banned, error
+		updates["is_active"] = false
+		updates["is_cooling"] = false
+	}
+
+	if err := database.GetDB().Model(&model.Account{}).Where("id IN ?", req.IDs).Updates(updates).Error; err != nil {
+		c.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()})
+		return
+	}
+
+	// 触发 refresh? 为了性能这里不触发，等待自动刷新
+	c.JSON(http.StatusOK, gin.H{"message": "updated", "count": len(req.IDs)})
+}
+
+type MoveAllRequest struct {
+	FromStatus string `json:"from_status"`
+	ToStatus   string `json:"to_status"`
+}
+
+// BatchMoveAll 一键移动某个分类的所有账号到另一个分类
+func (h *AccountHandler) BatchMoveAll(c *gin.Context) {
+	var req MoveAllRequest
+	if err := c.ShouldBindJSON(&req); err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
+		return
+	}
+
+	if req.FromStatus == "" || req.ToStatus == "" {
+		c.JSON(http.StatusBadRequest, gin.H{"error": "from_status and to_status are required"})
+		return
+	}
+
+	if req.FromStatus == req.ToStatus {
+		c.JSON(http.StatusBadRequest, gin.H{"error": "from_status and to_status cannot be the same"})
+		return
+	}
+
+	updates := map[string]interface{}{
+		"status": req.ToStatus,
+		// 兼容旧字段
+		"category": req.ToStatus,
+	}
+
+	// 根据目标状态设置相应的标志
+	switch req.ToStatus {
+	case "normal":
+		updates["is_active"] = true
+		updates["is_cooling"] = false
+		updates["error_count"] = 0
+		updates["ban_reason"] = ""
+	case "cooling":
+		updates["is_active"] = false
+		updates["is_cooling"] = true
+		updates["ban_reason"] = ""
+	case "disabled":
+		updates["is_active"] = false
+		updates["is_cooling"] = false
+		updates["ban_reason"] = ""
+	case "banned":
+		updates["is_active"] = false
+		updates["is_cooling"] = false
+	case "error":
+		updates["is_active"] = false
+		updates["is_cooling"] = false
+	default:
+		c.JSON(http.StatusBadRequest, gin.H{"error": "invalid to_status"})
+		return
+	}
+
+	// 执行批量更新
+	result := database.GetDB().Model(&model.Account{}).Where("status = ?", req.FromStatus).Updates(updates)
+	if result.Error != nil {
+		c.JSON(http.StatusInternalServerError, gin.H{"error": result.Error.Error()})
+		return
+	}
+
+	log.Printf("[批量移动] 从 %s 移动到 %s，影响 %d 个账号", req.FromStatus, req.ToStatus, result.RowsAffected)
+
+	c.JSON(http.StatusOK, gin.H{
+		"message":     "moved successfully",
+		"moved_count": result.RowsAffected,
+		"from_status": req.FromStatus,
+		"to_status":   req.ToStatus,
+	})
+}
+
+type BatchRefreshTokenRequest struct {
+	IDs []uint `json:"ids"`      // 选中的账号IDs，如果为空则刷新所有账号
+	All bool   `json:"all"`      // 是否刷新所有账号
+}
+
+type BatchDeleteRequest struct {
+	IDs       []uint `json:"ids"`       // 选中的账号IDs
+	DeleteAll bool   `json:"delete_all"` // 是否删除分类中的所有账号
+	Status    string `json:"status"`    // 要删除的分类状态
+}
+
+// BatchRefreshToken 批量刷新账号token
+func (h *AccountHandler) BatchRefreshToken(c *gin.Context) {
+	var req BatchRefreshTokenRequest
+	if err := c.ShouldBindJSON(&req); err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
+		return
+	}
+
+	// 设置流式响应头
+	c.Header("Content-Type", "text/event-stream")
+	c.Header("Cache-Control", "no-cache")
+	c.Header("Connection", "keep-alive")
+	c.Header("X-Accel-Buffering", "no")
+
+	flusher, ok := c.Writer.(http.Flusher)
+	if !ok {
+		c.JSON(http.StatusInternalServerError, gin.H{"error": "流式传输不支持"})
+		return
+	}
+
+	var accounts []model.Account
+	var err error
+
+	// 根据请求类型获取要刷新的账号
+	if req.All {
+		// 刷新所有状态为normal且有refresh_token的账号
+		err = database.GetDB().Where("status = ? AND (client_id != '' AND client_secret != '')", "normal").Find(&accounts).Error
+		if err != nil {
+			c.JSON(http.StatusInternalServerError, gin.H{"error": "获取账号列表失败: " + err.Error()})
+			return
+		}
+		log.Printf("[批量刷新Token] 准备刷新所有正常账号，共 %d 个", len(accounts))
+	} else if len(req.IDs) > 0 {
+		// 刷新选中的账号
+		err = database.GetDB().Where("id IN ? AND (client_id != '' AND client_secret != '')", req.IDs).Find(&accounts).Error
+		if err != nil {
+			c.JSON(http.StatusInternalServerError, gin.H{"error": "获取选中账号失败: " + err.Error()})
+			return
+		}
+		log.Printf("[批量刷新Token] 准备刷新选中账号，共 %d 个", len(accounts))
+	} else {
+		c.JSON(http.StatusBadRequest, gin.H{"error": "请选择要刷新的账号或选择刷新所有账号"})
+		return
+	}
+
+	if len(accounts) == 0 {
+		c.JSON(http.StatusBadRequest, gin.H{"error": "没有找到可刷新的账号"})
+		return
+	}
+
+	// 发送开始消息
+	fmt.Fprintf(c.Writer, "data: {\"type\":\"start\",\"total\":%d}\n\n", len(accounts))
+	flusher.Flush()
+
+	successCount := 0
+	failCount := 0
+
+	// 逐个刷新token
+	for i, account := range accounts {
+		log.Printf("[批量刷新Token] 开始刷新第 %d/%d 个账号: %s (ID:%d)", i+1, len(accounts), account.ClientID, account.ID)
+		
+		// 使用OAuth client credentials刷新token
+		if err := service.RefreshAccountToken(&account); err != nil {
+			failCount++
+			errMsg := fmt.Sprintf("刷新失败: %v", err)
+			
+			// 检查是否是账号锁定错误
+			if lockoutErr, ok := err.(*service.AccountLockoutError); ok {
+				errMsg = fmt.Sprintf("账号被锁定已自动标记为封禁: %s", lockoutErr.Body)
+				log.Printf("[批量刷新Token] 第 %d/%d 个账号被锁定: %s - %s", i+1, len(accounts), account.ClientID, lockoutErr.Body)
+			} else {
+				log.Printf("[批量刷新Token] 第 %d/%d 个账号刷新失败: %s - %v", i+1, len(accounts), account.ClientID, err)
+			}
+			
+			fmt.Fprintf(c.Writer, "data: {\"type\":\"error\",\"index\":%d,\"account_id\":\"%s\",\"message\":\"%s\"}\n\n", i+1, account.ClientID, errMsg)
+			flusher.Flush()
+		} else {
+			successCount++
+			log.Printf("[批量刷新Token] 第 %d/%d 个账号刷新成功: %s (ID:%d)", i+1, len(accounts), account.ClientID, account.ID)
+			fmt.Fprintf(c.Writer, "data: {\"type\":\"success\",\"index\":%d,\"account_id\":\"%s\",\"email\":\"%s\"}\n\n", i+1, account.ClientID, account.Email)
+			flusher.Flush()
+		}
+
+		// 添加延迟避免请求过快
+		if i < len(accounts)-1 {
+			time.Sleep(200 * time.Millisecond)
+		}
+	}
+
+	// 发送完成消息
+	log.Printf("[批量刷新Token] 完成: 成功 %d 个, 失败 %d 个", successCount, failCount)
+	fmt.Fprintf(c.Writer, "data: {\"type\":\"complete\",\"success\":%d,\"fail\":%d}\n\n", successCount, failCount)
+	flusher.Flush()
+}
+
+func (h *AccountHandler) Create(c *gin.Context) {
+	var req model.AccountRequest
+	if err := c.ShouldBindJSON(&req); err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
+		return
+	}
+
+	// 生成模式 - 固定生成1个账号
+	if req.GenerateMode {
+		// 检查是否提供了 refresh_token 或 access_token
+		if req.RefreshToken == "" && req.Token == "" {
+			c.JSON(http.StatusBadRequest, gin.H{"error": "生成模式需要提供 access_token 或 RefreshToken"})
+			return
+		}
+
+		// 优先使用 access_token，如果同时提供了两个字段
+		var masterToken string
+		
+		if req.Token != "" {
+			// 直接使用提供的 access_token
+			masterToken = req.Token
+			log.Printf("[生成凭证] 使用提供的 access_token")
+		} else {
+			// 使用 refresh_token 获取 access_token
+			tokenResp, err := service.RefreshAccessToken(req.RefreshToken, req.Proxy)
+			if err != nil {
+				c.JSON(http.StatusBadRequest, gin.H{"error": "RefreshToken 无效: " + err.Error()})
+				return
+			}
+			masterToken = tokenResp.AccessToken
+			log.Printf("[生成凭证] 通过 RefreshToken 获取了 access_token")
+		}
+
+		log.Printf("[生成凭证] 开始生成账号凭证")
+		
+		// 生成凭证
+		cred, err := service.GenerateCredential(masterToken)
+		if err != nil {
+			c.JSON(http.StatusInternalServerError, gin.H{"error": fmt.Sprintf("生成失败: %v", err)})
+			return
+		}
+
+		log.Printf("[生成凭证] 凭证生成成功: ClientID=%s", cred.ClientID)
+
+		// 创建账号
+		account := model.Account{
+			ClientID:     cred.ClientID,
+			ClientSecret: cred.Secret,
+			Proxy:        req.Proxy,
+			IsActive:     true,
+			Status:       "normal",
+		}
+
+		// 使用生成的client_id和client_secret获取token
+		// 使用OAuth client credentials方式刷新token，使用 https://fe.zencoder.ai/oauth/token
+		if _, err := service.RefreshToken(&account); err != nil {
+			c.JSON(http.StatusBadRequest, gin.H{"error": fmt.Sprintf("认证失败: %v", err)})
+			return
+		}
+
+		// 解析 Token 获取详细信息
+		if payload, err := service.ParseJWT(account.AccessToken); err == nil {
+			account.Email = payload.Email
+			account.SubscriptionStartDate = service.GetSubscriptionDate(payload)
+			
+			if payload.Expiration > 0 {
+				account.TokenExpiry = time.Unix(payload.Expiration, 0)
+			}
+
+			plan := payload.CustomClaims.Plan
+			if plan != "" {
+				plan = strings.ToUpper(plan[:1]) + plan[1:]
+			}
+			if plan != "" {
+				account.PlanType = model.PlanType(plan)
+			}
+		}
+		if account.PlanType == "" {
+			account.PlanType = model.PlanFree
+		}
+
+		// 检查是否已存在
+		var existing model.Account
+		var count int64
+		database.GetDB().Model(&model.Account{}).Where("client_id = ?", account.ClientID).Count(&count)
+		if count > 0 {
+			// 获取现有账号
+			database.GetDB().Where("client_id = ?", account.ClientID).First(&existing)
+			// 更新现有账号
+			existing.AccessToken = account.AccessToken
+			existing.TokenExpiry = account.TokenExpiry
+			existing.PlanType = account.PlanType
+			existing.Email = account.Email
+			existing.SubscriptionStartDate = account.SubscriptionStartDate
+			existing.IsActive = true
+			existing.Status = "normal" // 重新激活
+			existing.ClientSecret = account.ClientSecret
+			if account.Proxy != "" {
+				existing.Proxy = account.Proxy
+			}
+
+			if err := database.GetDB().Save(&existing).Error; err != nil {
+				c.JSON(http.StatusInternalServerError, gin.H{"error": fmt.Sprintf("更新失败: %v", err)})
+				return
+			}
+			
+			log.Printf("[添加账号] 账号更新成功: ClientID=%s, Email=%s, Plan=%s", existing.ClientID, existing.Email, existing.PlanType)
+			c.JSON(http.StatusOK, existing)
+		} else {
+			// 创建新账号
+			if err := database.GetDB().Create(&account).Error; err != nil {
+				c.JSON(http.StatusInternalServerError, gin.H{"error": fmt.Sprintf("创建失败: %v", err)})
+				return
+			}
+			
+			log.Printf("[添加账号] 新账号创建成功: ClientID=%s, Email=%s, Plan=%s", account.ClientID, account.Email, account.PlanType)
+			c.JSON(http.StatusCreated, account)
+		}
+		return
+	}
+
+	// 原有的单个账号添加逻辑 - 现在使用 refresh_token
+	account := model.Account{
+		Proxy:    req.Proxy,
+		IsActive: true,
+		Status:   "normal",
+	}
+
+	// 优先使用 access_token，如果同时提供了两个字段则不使用 refresh_token
+	if req.Token != "" && req.RefreshToken != "" {
+		log.Printf("[凭证模式] 同时提供了 access_token 和 RefreshToken，优先使用 access_token")
+	}
+	
+	if req.Token != "" {
+		// JWT Parsing Logic
+		payload, err := service.ParseJWT(req.Token)
+		if err != nil {
+			c.JSON(http.StatusBadRequest, gin.H{"error": "无效的Token: " + err.Error()})
+			return
+		}
+
+		account.AccessToken = req.Token
+		// 优先使用ClientID字段，如果没有则使用Subject
+		if payload.ClientID != "" {
+			account.ClientID = payload.ClientID
+		} else {
+			account.ClientID = payload.Subject
+		}
+
+		account.Email = payload.Email
+		account.SubscriptionStartDate = service.GetSubscriptionDate(payload)
+
+		if payload.Expiration > 0 {
+			account.TokenExpiry = time.Unix(payload.Expiration, 0)
+		} else {
+			account.TokenExpiry = time.Now().Add(24 * time.Hour) // 默认24小时
+		}
+
+		// Map PlanType
+		plan := payload.CustomClaims.Plan
+		
+		// Simple normalization
+		if plan != "" {
+			plan = strings.ToUpper(plan[:1]) + plan[1:]
+		}
+		account.PlanType = model.PlanType(plan)
+		if account.PlanType == "" {
+			account.PlanType = model.PlanFree
+		}
+
+		// Placeholder for secret since it's required by DB but not in JWT
+		account.ClientSecret = "jwt-login"
+	} else if req.RefreshToken != "" {
+		// 只提供了 refresh_token，使用它来获取 access_token
+		tokenResp, err := service.RefreshAccessToken(req.RefreshToken, req.Proxy)
+		if err != nil {
+			c.JSON(http.StatusBadRequest, gin.H{"error": "RefreshToken 无效: " + err.Error()})
+			return
+		}
+
+		account.AccessToken = tokenResp.AccessToken
+		account.RefreshToken = tokenResp.RefreshToken
+		account.TokenExpiry = time.Now().Add(time.Duration(tokenResp.ExpiresIn) * time.Second)
+
+		// 解析 Token 获取详细信息
+		if payload, err := service.ParseJWT(tokenResp.AccessToken); err == nil {
+			// 设置 Email
+			if payload.Email != "" {
+				account.Email = payload.Email
+			} else if tokenResp.Email != "" {
+				account.Email = tokenResp.Email
+			}
+			
+			// 设置 ClientID - 优先使用 Email 作为唯一标识符
+			if payload.Email != "" {
+				account.ClientID = payload.Email
+			} else if payload.Subject != "" {
+				account.ClientID = payload.Subject
+			} else if payload.ClientID != "" {
+				account.ClientID = payload.ClientID
+			}
+			
+			account.SubscriptionStartDate = service.GetSubscriptionDate(payload)
+
+			// Map PlanType
+			plan := payload.CustomClaims.Plan
+			if plan != "" {
+				plan = strings.ToUpper(plan[:1]) + plan[1:]
+			}
+			account.PlanType = model.PlanType(plan)
+			if account.PlanType == "" {
+				account.PlanType = model.PlanFree
+			}
+			
+			log.Printf("[凭证模式-RefreshToken] 解析JWT成功: ClientID=%s, Email=%s, Plan=%s",
+				account.ClientID, account.Email, account.PlanType)
+		} else {
+			log.Printf("[凭证模式-RefreshToken] 解析JWT失败: %v", err)
+			// 如果JWT解析失败，使用 tokenResp 中的信息
+			if tokenResp.UserID != "" {
+				account.ClientID = tokenResp.UserID
+				account.Email = tokenResp.UserID
+			}
+		}
+
+		// 生成一个占位 ClientSecret
+		account.ClientSecret = "refresh-token-login"
+		
+		// 确保 ClientID 不为空
+		if account.ClientID == "" {
+			c.JSON(http.StatusBadRequest, gin.H{"error": "无法获取用户信息，请检查RefreshToken是否有效"})
+			return
+		}
+		
+	} else {
+		// Old Logic
+		if req.PlanType == "" {
+			req.PlanType = model.PlanFree
+		}
+		account.ClientID = req.ClientID
+		account.ClientSecret = req.ClientSecret
+		account.Email = req.Email
+		account.PlanType = req.PlanType
+
+		// 验证Token是否能正确获取
+		if _, err := service.RefreshToken(&account); err != nil {
+			c.JSON(http.StatusBadRequest, gin.H{"error": "认证失败: " + err.Error()})
+			return
+		}
+
+		// 解析Token获取详细信息
+		if payload, err := service.ParseJWT(account.AccessToken); err == nil {
+			if account.Email == "" {
+				account.Email = payload.Email
+			}
+			account.SubscriptionStartDate = service.GetSubscriptionDate(payload)
+			
+			if payload.Expiration > 0 {
+				account.TokenExpiry = time.Unix(payload.Expiration, 0)
+			}
+
+			plan := payload.CustomClaims.Plan
+			if plan != "" {
+				plan = strings.ToUpper(plan[:1]) + plan[1:]
+			}
+			if plan != "" {
+				account.PlanType = model.PlanType(plan)
+			}
+		}
+		if account.PlanType == "" {
+			account.PlanType = model.PlanFree
+		}
+	}
+
+	// Check if account exists - 使用 Count 避免 record not found 警告
+	var existing model.Account
+	var count int64
+	database.GetDB().Model(&model.Account{}).Where("client_id = ?", account.ClientID).Count(&count)
+	if count > 0 {
+		// 获取现有账号
+		database.GetDB().Where("client_id = ?", account.ClientID).First(&existing)
+		// Update existing
+		existing.AccessToken = account.AccessToken
+		existing.RefreshToken = account.RefreshToken // 更新 refresh_token
+		existing.TokenExpiry = account.TokenExpiry
+		existing.PlanType = account.PlanType
+		existing.Email = account.Email
+		existing.SubscriptionStartDate = account.SubscriptionStartDate
+		existing.IsActive = true
+		existing.Status = "normal"
+		if account.Proxy != "" {
+			existing.Proxy = account.Proxy
+		}
+		// If secret was provided manually, update it. If placeholder, keep existing.
+		if account.ClientSecret != "jwt-login" && account.ClientSecret != "refresh-token-login" {
+			existing.ClientSecret = account.ClientSecret
+		}
+
+		if err := database.GetDB().Save(&existing).Error; err != nil {
+			c.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()})
+			return
+		}
+		c.JSON(http.StatusOK, existing)
+		return
+	}
+
+	if err := database.GetDB().Create(&account).Error; err != nil {
+		c.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()})
+		return
+	}
+
+	c.JSON(http.StatusCreated, account)
+}
+
+func (h *AccountHandler) Update(c *gin.Context) {
+	id := c.Param("id")
+	var account model.Account
+	if err := database.GetDB().First(&account, id).Error; err != nil {
+		c.JSON(http.StatusNotFound, gin.H{"error": "account not found"})
+		return
+	}
+
+	var req model.AccountRequest
+	if err := c.ShouldBindJSON(&req); err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
+		return
+	}
+
+	account.Email = req.Email
+	account.PlanType = req.PlanType
+	account.Proxy = req.Proxy
+
+	if err := database.GetDB().Save(&account).Error; err != nil {
+		c.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()})
+		return
+	}
+
+	c.JSON(http.StatusOK, account)
+}
+
+// BatchDelete 批量删除账号
+func (h *AccountHandler) BatchDelete(c *gin.Context) {
+	var req BatchDeleteRequest
+	if err := c.ShouldBindJSON(&req); err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
+		return
+	}
+
+	var deletedCount int64
+
+	if req.DeleteAll {
+		// 删除指定分类的所有账号
+		if req.Status == "" {
+			c.JSON(http.StatusBadRequest, gin.H{"error": "delete_all模式需要指定status"})
+			return
+		}
+
+		// 执行删除操作
+		result := database.GetDB().Where("status = ?", req.Status).Delete(&model.Account{})
+		if result.Error != nil {
+			c.JSON(http.StatusInternalServerError, gin.H{"error": result.Error.Error()})
+			return
+		}
+
+		deletedCount = result.RowsAffected
+		log.Printf("[批量删除] 删除分类 %s 的所有账号，共删除 %d 个", req.Status, deletedCount)
+
+	} else {
+		// 删除选中的账号
+		if len(req.IDs) == 0 {
+			c.JSON(http.StatusBadRequest, gin.H{"error": "未选择要删除的账号"})
+			return
+		}
+
+		// 执行删除操作
+		result := database.GetDB().Where("id IN ?", req.IDs).Delete(&model.Account{})
+		if result.Error != nil {
+			c.JSON(http.StatusInternalServerError, gin.H{"error": result.Error.Error()})
+			return
+		}
+
+		deletedCount = result.RowsAffected
+		log.Printf("[批量删除] 删除选中的 %d 个账号，实际删除 %d 个", len(req.IDs), deletedCount)
+	}
+
+	c.JSON(http.StatusOK, gin.H{
+		"message":       "批量删除成功",
+		"deleted_count": deletedCount,
+	})
+}
+
+func (h *AccountHandler) Delete(c *gin.Context) {
+	id := c.Param("id")
+	if err := database.GetDB().Delete(&model.Account{}, id).Error; err != nil {
+		c.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()})
+		return
+	}
+	c.JSON(http.StatusOK, gin.H{"message": "deleted"})
+}
+
+func (h *AccountHandler) Toggle(c *gin.Context) {
+	id := c.Param("id")
+	var account model.Account
+	if err := database.GetDB().First(&account, id).Error; err != nil {
+		c.JSON(http.StatusNotFound, gin.H{"error": "account not found"})
+		return
+	}
+
+	// 切换 Disabled / Normal
+	if account.Status == "disabled" || !account.IsActive {
+		account.Status = "normal"
+		account.IsActive = true
+		account.IsCooling = false
+		account.ErrorCount = 0
+	} else {
+		account.Status = "disabled"
+		account.IsActive = false
+	}
+	
+	database.GetDB().Save(&account)
+
+	c.JSON(http.StatusOK, account)
+}

internal/handler/anthropic.go

@@ -0,0 +1,57 @@
+package handler
+
+import (
+	"context"
+	"crypto/rand"
+	"encoding/hex"
+	"errors"
+	"fmt"
+	"io"
+	"net/http"
+
+	"zencoder-2api/internal/service"
+
+	"github.com/gin-gonic/gin"
+)
+
+type AnthropicHandler struct {
+	svc *service.AnthropicService
+}
+
+func NewAnthropicHandler() *AnthropicHandler {
+	return &AnthropicHandler{svc: service.NewAnthropicService()}
+}
+
+// generateTraceID 生成一个随机的 trace ID
+func generateAnthropicTraceID() string {
+	b := make([]byte, 16)
+	rand.Read(b)
+	return hex.EncodeToString(b)
+}
+
+// Messages 处理 POST /v1/messages
+func (h *AnthropicHandler) Messages(c *gin.Context) {
+	body, err := io.ReadAll(c.Request.Body)
+	if err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
+		return
+	}
+
+	// 传递原始请求头给service层，用于错误日志记录
+	ctx := context.WithValue(c.Request.Context(), "originalHeaders", c.Request.Header)
+	
+	if err := h.svc.MessagesProxy(ctx, c.Writer, body); err != nil {
+		h.handleError(c, err)
+	}
+}
+
+// handleError 统一处理错误，特别是没有可用账号的错误
+func (h *AnthropicHandler) handleError(c *gin.Context, err error) {
+	if errors.Is(err, service.ErrNoAvailableAccount) || errors.Is(err, service.ErrNoPermission) {
+		traceID := generateAnthropicTraceID()
+		errMsg := fmt.Sprintf("没有可用token（traceid: %s）", traceID)
+		c.JSON(http.StatusServiceUnavailable, gin.H{"error": errMsg})
+		return
+	}
+	c.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()})
+}

internal/handler/external.go

@@ -0,0 +1,209 @@
+package handler
+
+import (
+	"fmt"
+	"log"
+	"net/http"
+	"strings"
+	"time"
+
+	"github.com/gin-gonic/gin"
+	"zencoder-2api/internal/database"
+	"zencoder-2api/internal/model"
+	"zencoder-2api/internal/service"
+)
+
+type ExternalHandler struct{}
+
+func NewExternalHandler() *ExternalHandler {
+	return &ExternalHandler{}
+}
+
+// ExternalTokenRequest 外部API提交token请求结构
+type ExternalTokenRequest struct {
+	AccessToken  string `json:"access_token"`  // OAuth获取的access_token
+	RefreshToken string `json:"refresh_token"` // OAuth获取的refresh_token
+	Proxy        string `json:"proxy"`         // 可选的代理设置
+}
+
+// ExternalTokenResponse 外部API响应结构
+type ExternalTokenResponse struct {
+	Success bool           `json:"success"`
+	Message string         `json:"message"`
+	Account *model.Account `json:"account,omitempty"`
+	Error   string         `json:"error,omitempty"`
+}
+
+// SubmitTokens 外部API接口：接收OAuth token信息并生成账号记录
+func (h *ExternalHandler) SubmitTokens(c *gin.Context) {
+	var req ExternalTokenRequest
+	if err := c.ShouldBindJSON(&req); err != nil {
+		c.JSON(http.StatusBadRequest, ExternalTokenResponse{
+			Success: false,
+			Error:   "请求格式错误: " + err.Error(),
+		})
+		return
+	}
+
+	// 验证必要字段
+	if req.AccessToken == "" && req.RefreshToken == "" {
+		c.JSON(http.StatusBadRequest, ExternalTokenResponse{
+			Success: false,
+			Error:   "必须提供 access_token 或 refresh_token",
+		})
+		return
+	}
+
+	log.Printf("[外部API] 收到token提交请求，access_token长度: %d, refresh_token长度: %d", 
+		len(req.AccessToken), len(req.RefreshToken))
+
+	// 优先使用 access_token，如果同时提供了两个字段
+	var masterToken string
+	
+	if req.AccessToken != "" {
+		// 直接使用提供的 access_token
+		masterToken = req.AccessToken
+		log.Printf("[外部API] 使用提供的 access_token")
+	} else {
+		// 使用 refresh_token 获取 access_token
+		tokenResp, err := service.RefreshAccessToken(req.RefreshToken, req.Proxy)
+		if err != nil {
+			c.JSON(http.StatusBadRequest, ExternalTokenResponse{
+				Success: false,
+				Error:   "RefreshToken 无效: " + err.Error(),
+			})
+			return
+		}
+		masterToken = tokenResp.AccessToken
+		log.Printf("[外部API] 通过 RefreshToken 获取了 access_token")
+	}
+
+	log.Printf("[外部API] 开始生成账号凭证")
+	
+	// 生成凭证
+	cred, err := service.GenerateCredential(masterToken)
+	if err != nil {
+		c.JSON(http.StatusInternalServerError, ExternalTokenResponse{
+			Success: false,
+			Error:   fmt.Sprintf("生成失败: %v", err),
+		})
+		return
+	}
+
+	log.Printf("[外部API] 凭证生成成功: ClientID=%s", cred.ClientID)
+
+	// 创建账号
+	account := model.Account{
+		ClientID:     cred.ClientID,
+		ClientSecret: cred.Secret,
+		Proxy:        req.Proxy,
+		IsActive:     true,
+		Status:       "normal",
+	}
+
+	// 使用生成的client_id和client_secret获取token，带重试机制
+	// 使用OAuth client credentials方式刷新token，使用 https://fe.zencoder.ai/oauth/token
+	maxRetries := 3
+	retryDelay := 2 * time.Second
+	var lastErr error
+	
+	for attempt := 1; attempt <= maxRetries; attempt++ {
+		log.Printf("[外部API] 尝试获取token，第 %d/%d 次", attempt, maxRetries)
+		
+		if _, err := service.RefreshToken(&account); err != nil {
+			lastErr = err
+			log.Printf("[外部API] 第 %d 次获取token失败: %v", attempt, err)
+			
+			if attempt < maxRetries {
+				log.Printf("[外部API] 等待 %v 后重试", retryDelay)
+				time.Sleep(retryDelay)
+				continue
+			}
+		} else {
+			log.Printf("[外部API] 第 %d 次获取token成功", attempt)
+			lastErr = nil
+			break
+		}
+	}
+	
+	if lastErr != nil {
+		c.JSON(http.StatusBadRequest, ExternalTokenResponse{
+			Success: false,
+			Error:   fmt.Sprintf("认证失败（重试 %d 次后）: %v", maxRetries, lastErr),
+		})
+		return
+	}
+
+	// 解析 Token 获取详细信息
+	if payload, err := service.ParseJWT(account.AccessToken); err == nil {
+		account.Email = payload.Email
+		account.SubscriptionStartDate = service.GetSubscriptionDate(payload)
+		
+		if payload.Expiration > 0 {
+			account.TokenExpiry = time.Unix(payload.Expiration, 0)
+		}
+
+		plan := payload.CustomClaims.Plan
+		if plan != "" {
+			plan = strings.ToUpper(plan[:1]) + plan[1:]
+		}
+		if plan != "" {
+			account.PlanType = model.PlanType(plan)
+		}
+	}
+	if account.PlanType == "" {
+		account.PlanType = model.PlanFree
+	}
+
+	// 检查是否已存在
+	var existing model.Account
+	var count int64
+	database.GetDB().Model(&model.Account{}).Where("client_id = ?", account.ClientID).Count(&count)
+	if count > 0 {
+		// 获取现有账号
+		database.GetDB().Where("client_id = ?", account.ClientID).First(&existing)
+		// 更新现有账号
+		existing.AccessToken = account.AccessToken
+		existing.TokenExpiry = account.TokenExpiry
+		existing.PlanType = account.PlanType
+		existing.Email = account.Email
+		existing.SubscriptionStartDate = account.SubscriptionStartDate
+		existing.IsActive = true
+		existing.Status = "normal" // 重新激活
+		existing.ClientSecret = account.ClientSecret
+		if account.Proxy != "" {
+			existing.Proxy = account.Proxy
+		}
+
+		if err := database.GetDB().Save(&existing).Error; err != nil {
+			c.JSON(http.StatusInternalServerError, ExternalTokenResponse{
+				Success: false,
+				Error:   fmt.Sprintf("更新失败: %v", err),
+			})
+			return
+		}
+		
+		log.Printf("[外部API] 账号更新成功: ClientID=%s, Email=%s, Plan=%s", existing.ClientID, existing.Email, existing.PlanType)
+		c.JSON(http.StatusOK, ExternalTokenResponse{
+			Success: true,
+			Message: "账号更新成功",
+			Account: &existing,
+		})
+	} else {
+		// 创建新账号
+		if err := database.GetDB().Create(&account).Error; err != nil {
+			c.JSON(http.StatusInternalServerError, ExternalTokenResponse{
+				Success: false,
+				Error:   fmt.Sprintf("创建失败: %v", err),
+			})
+			return
+		}
+		
+		log.Printf("[外部API] 新账号创建成功: ClientID=%s, Email=%s, Plan=%s", account.ClientID, account.Email, account.PlanType)
+		c.JSON(http.StatusCreated, ExternalTokenResponse{
+			Success: true,
+			Message: "账号创建成功",
+			Account: &account,
+		})
+	}
+}

internal/handler/gemini.go

@@ -0,0 +1,77 @@
+package handler
+
+import (
+	"crypto/rand"
+	"encoding/hex"
+	"errors"
+	"fmt"
+	"io"
+	"net/http"
+	"strings"
+
+	"github.com/gin-gonic/gin"
+	"zencoder-2api/internal/service"
+)
+
+type GeminiHandler struct {
+	svc *service.GeminiService
+}
+
+func NewGeminiHandler() *GeminiHandler {
+	return &GeminiHandler{svc: service.NewGeminiService()}
+}
+
+// generateTraceID 生成一个随机的 trace ID
+func generateGeminiTraceID() string {
+	b := make([]byte, 16)
+	rand.Read(b)
+	return hex.EncodeToString(b)
+}
+
+// HandleRequest 处理 POST /v1beta/models/*path
+// 路径格式: /model:action 例如 /gemini-3-flash-preview:streamGenerateContent
+func (h *GeminiHandler) HandleRequest(c *gin.Context) {
+	path := c.Param("path")
+	// 去掉开头的斜杠
+	path = strings.TrimPrefix(path, "/")
+
+	// 解析 model:action
+	parts := strings.SplitN(path, ":", 2)
+	if len(parts) != 2 {
+		c.JSON(http.StatusBadRequest, gin.H{"error": "invalid path format"})
+		return
+	}
+
+	modelName := parts[0]
+	action := parts[1]
+
+	body, err := io.ReadAll(c.Request.Body)
+	if err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
+		return
+	}
+
+	switch action {
+	case "generateContent":
+		if err := h.svc.GenerateContentProxy(c.Request.Context(), c.Writer, modelName, body); err != nil {
+			h.handleError(c, err)
+		}
+	case "streamGenerateContent":
+		if err := h.svc.StreamGenerateContentProxy(c.Request.Context(), c.Writer, modelName, body); err != nil {
+			h.handleError(c, err)
+		}
+	default:
+		c.JSON(http.StatusBadRequest, gin.H{"error": "unsupported action: " + action})
+	}
+}
+
+// handleError 统一处理错误，特别是没有可用账号的错误
+func (h *GeminiHandler) handleError(c *gin.Context, err error) {
+	if errors.Is(err, service.ErrNoAvailableAccount) || errors.Is(err, service.ErrNoPermission) {
+		traceID := generateGeminiTraceID()
+		errMsg := fmt.Sprintf("没有可用token（traceid: %s）", traceID)
+		c.JSON(http.StatusServiceUnavailable, gin.H{"error": errMsg})
+		return
+	}
+	c.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()})
+}

internal/handler/grok.go

@@ -0,0 +1,53 @@
+package handler
+
+import (
+	"crypto/rand"
+	"encoding/hex"
+	"errors"
+	"fmt"
+	"io"
+	"net/http"
+
+	"zencoder-2api/internal/service"
+
+	"github.com/gin-gonic/gin"
+)
+
+type GrokHandler struct {
+	svc *service.GrokService
+}
+
+func NewGrokHandler() *GrokHandler {
+	return &GrokHandler{svc: service.NewGrokService()}
+}
+
+// generateTraceID 生成一个随机的 trace ID
+func generateGrokTraceID() string {
+	b := make([]byte, 16)
+	rand.Read(b)
+	return hex.EncodeToString(b)
+}
+
+// ChatCompletions 处理 POST /v1/chat/completions (xAI)
+func (h *GrokHandler) ChatCompletions(c *gin.Context) {
+	body, err := io.ReadAll(c.Request.Body)
+	if err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
+		return
+	}
+
+	if err := h.svc.ChatCompletionsProxy(c.Request.Context(), c.Writer, body); err != nil {
+		h.handleError(c, err)
+	}
+}
+
+// handleError 统一处理错误，特别是没有可用账号的错误
+func (h *GrokHandler) handleError(c *gin.Context, err error) {
+	if errors.Is(err, service.ErrNoAvailableAccount) || errors.Is(err, service.ErrNoPermission) {
+		traceID := generateGrokTraceID()
+		errMsg := fmt.Sprintf("没有可用token（traceid: %s）", traceID)
+		c.JSON(http.StatusServiceUnavailable, gin.H{"error": errMsg})
+		return
+	}
+	c.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()})
+}

internal/handler/oauth.go

@@ -0,0 +1,331 @@
+package handler
+
+import (
+	"bytes"
+	"crypto/rand"
+	"crypto/sha256"
+	"encoding/base64"
+	"encoding/json"
+	"fmt"
+	"net/http"
+	"net/url"
+	"sync"
+	"time"
+
+	"github.com/gin-gonic/gin"
+)
+
+// PKCESession 存储PKCE会话信息
+type PKCESession struct {
+	CodeVerifier string
+	CreatedAt    time.Time
+}
+
+// PKCESessionStore 内存中存储PKCE会话
+type PKCESessionStore struct {
+	sync.RWMutex
+	sessions map[string]*PKCESession
+}
+
+// 全局PKCE会话存储
+var pkceStore = &PKCESessionStore{
+	sessions: make(map[string]*PKCESession),
+}
+
+// OAuthHandler OAuth相关处理器
+type OAuthHandler struct {
+}
+
+// NewOAuthHandler 创建OAuth处理器
+func NewOAuthHandler() *OAuthHandler {
+	// 启动清理过期会话的定时器
+	go cleanupExpiredSessions()
+	
+	return &OAuthHandler{}
+}
+
+// StartOAuthForRT 开始OAuth流程获取RT
+func (h *OAuthHandler) StartOAuthForRT(c *gin.Context) {
+	// 生成PKCE参数
+	codeVerifier, err := generateCodeVerifier(32)
+	if err != nil {
+		c.JSON(http.StatusInternalServerError, gin.H{
+			"error": "生成PKCE参数失败",
+		})
+		return
+	}
+	
+	// 生成code_challenge
+	codeChallenge := generateCodeChallenge(codeVerifier)
+	
+	// 生成会话ID
+	sessionID, err := generateSessionID()
+	if err != nil {
+		c.JSON(http.StatusInternalServerError, gin.H{
+			"error": "生成会话ID失败",
+		})
+		return
+	}
+	
+	// 存储会话
+	pkceStore.Lock()
+	pkceStore.sessions[sessionID] = &PKCESession{
+		CodeVerifier: codeVerifier,
+		CreatedAt:    time.Now(),
+	}
+	pkceStore.Unlock()
+	
+	// 获取回调URL
+	scheme := "http"
+	if c.Request.TLS != nil {
+		scheme = "https"
+	}
+	host := c.Request.Host
+	
+	callbackURL := fmt.Sprintf("%s://%s/api/oauth/callback-rt?session=%s", 
+		scheme, host, sessionID)
+	
+	// 构建state参数
+	state := map[string]string{
+		"redirectUri":   callbackURL,
+		"codeChallenge": codeChallenge,
+		"sessionId":     sessionID,
+	}
+	stateJSON, _ := json.Marshal(state)
+	
+	// 构建授权URL
+	params := url.Values{
+		"state":                       {string(stateJSON)},
+		"response_type":               {"code"},
+		"client_id":                   {"5948a5c5-4b30-4465-a3f2-2136ea53ea0a"},
+		"scope":                       {"openid profile email"},
+		"redirect_uri":                {"https://auth.zencoder.ai/extension/auth-success"},
+		"code_challenge":              {codeChallenge},
+		"code_challenge_method":       {"S256"},
+	}
+	
+	authURL := fmt.Sprintf("https://fe.zencoder.ai/oauth/authorize?%s", params.Encode())
+	
+	// 重定向到授权页面
+	c.Redirect(http.StatusFound, authURL)
+}
+
+// CallbackOAuthForRT 处理OAuth回调
+func (h *OAuthHandler) CallbackOAuthForRT(c *gin.Context) {
+	code := c.Query("code")
+	sessionID := c.Query("session")
+	
+	// 验证参数
+	if code == "" || sessionID == "" {
+		h.renderCallbackPage(c, false, "", "", "缺少必要参数")
+		return
+	}
+	
+	// 获取会话
+	pkceStore.RLock()
+	session, exists := pkceStore.sessions[sessionID]
+	pkceStore.RUnlock()
+	
+	if !exists {
+		h.renderCallbackPage(c, false, "", "", "会话已过期，请重新获取")
+		return
+	}
+	
+	// 交换token
+	tokenResp, err := h.exchangeCodeForToken(code, session.CodeVerifier)
+	if err != nil {
+		h.renderCallbackPage(c, false, "", "", fmt.Sprintf("获取Token失败: %v", err))
+		return
+	}
+	
+	// 清理会话
+	pkceStore.Lock()
+	delete(pkceStore.sessions, sessionID)
+	pkceStore.Unlock()
+	
+	// 渲染成功页面，传递access token和refresh token
+	h.renderCallbackPage(c, true, tokenResp.AccessToken, tokenResp.RefreshToken, "")
+}
+
+// exchangeCodeForToken 用授权码换取token
+func (h *OAuthHandler) exchangeCodeForToken(code, codeVerifier string) (*OAuthTokenResponse, error) {
+	tokenURL := "https://auth.zencoder.ai/api/frontegg/oauth/token"
+	
+	payload := map[string]string{
+		"code":          code,
+		"redirect_uri":  "https://auth.zencoder.ai/extension/auth-success",
+		"code_verifier": codeVerifier,
+		"grant_type":    "authorization_code",
+	}
+	
+	body, _ := json.Marshal(payload)
+	
+	req, err := http.NewRequest("POST", tokenURL, bytes.NewReader(body))
+	if err != nil {
+		return nil, err
+	}
+	
+	// 设置请求头
+	req.Header.Set("Content-Type", "application/json")
+	req.Header.Set("x-frontegg-sdk", "@frontegg/nextjs@9.2.10")
+	req.Header.Set("x-frontegg-framework", "next@15.3.8")
+	req.Header.Set("Origin", "https://auth.zencoder.ai")
+	req.Header.Set("User-Agent", "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36")
+	
+	client := &http.Client{Timeout: 30 * time.Second}
+	resp, err := client.Do(req)
+	if err != nil {
+		return nil, err
+	}
+	defer resp.Body.Close()
+	
+	if resp.StatusCode != http.StatusOK {
+		return nil, fmt.Errorf("token exchange failed with status %d", resp.StatusCode)
+	}
+	
+	var tokenResp OAuthTokenResponse
+	if err := json.NewDecoder(resp.Body).Decode(&tokenResp); err != nil {
+		return nil, err
+	}
+	
+	return &tokenResp, nil
+}
+
+// renderCallbackPage 渲染回调页面
+func (h *OAuthHandler) renderCallbackPage(c *gin.Context, success bool, accessToken, refreshToken, errorMsg string) {
+	html := `
+<!DOCTYPE html>
+<html lang="zh-CN">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>OAuth认证</title>
+    <script src="https://cdn.tailwindcss.com"></script>
+</head>
+<body class="bg-gray-50 dark:bg-gray-900 min-h-screen flex items-center justify-center">
+    <div class="max-w-md w-full mx-4">
+        <div class="bg-white dark:bg-gray-800 rounded-lg shadow-lg p-8">
+`
+	
+	if success {
+		html += fmt.Sprintf(`
+	           <div class="text-center">
+	               <div class="mx-auto flex items-center justify-center h-12 w-12 rounded-full bg-green-100">
+	                   <svg class="h-6 w-6 text-green-600" fill="none" stroke="currentColor" viewBox="0 0 24 24">
+	                       <path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M5 13l4 4L19 7"></path>
+	                   </svg>
+	               </div>
+	               <h2 class="mt-4 text-xl font-semibold text-gray-900 dark:text-white">认证成功！</h2>
+	               <p class="mt-2 text-sm text-gray-600 dark:text-gray-400">正在返回并填充Token...</p>
+	           </div>
+	           <script>
+	               // 发送消息给父窗口
+	               if (window.opener) {
+	                   window.opener.postMessage({
+	                       type: 'oauth-rt-complete',
+	                       success: true,
+	                       accessToken: '%s',
+	                       refreshToken: '%s'
+	                   }, window.location.origin);
+	                   
+	                   // 2秒后关闭窗口
+	                   setTimeout(() => {
+	                       window.close();
+	                   }, 2000);
+	               }
+	           </script>
+`, accessToken, refreshToken)
+	} else {
+		html += fmt.Sprintf(`
+            <div class="text-center">
+                <div class="mx-auto flex items-center justify-center h-12 w-12 rounded-full bg-red-100">
+                    <svg class="h-6 w-6 text-red-600" fill="none" stroke="currentColor" viewBox="0 0 24 24">
+                        <path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M6 18L18 6M6 6l12 12"></path>
+                    </svg>
+                </div>
+                <h2 class="mt-4 text-xl font-semibold text-gray-900 dark:text-white">认证失败</h2>
+                <p class="mt-2 text-sm text-gray-600 dark:text-gray-400">%s</p>
+                <button onclick="window.close()" class="mt-4 px-4 py-2 bg-gray-600 text-white rounded-lg hover:bg-gray-700 transition-colors">
+                    关闭窗口
+                </button>
+            </div>
+            <script>
+                // 发送错误消息给父窗口
+                if (window.opener) {
+                    window.opener.postMessage({
+                        type: 'oauth-rt-complete',
+                        success: false,
+                        error: '%s'
+                    }, window.location.origin);
+                }
+            </script>
+`, errorMsg, errorMsg)
+	}
+	
+	html += `
+        </div>
+    </div>
+</body>
+</html>
+`
+	
+	c.Header("Content-Type", "text/html; charset=utf-8")
+	c.String(http.StatusOK, html)
+}
+
+// OAuthTokenResponse OAuth token响应
+type OAuthTokenResponse struct {
+	AccessToken  string `json:"access_token"`
+	RefreshToken string `json:"refresh_token"`
+	TokenType    string `json:"token_type"`
+	ExpiresIn    int    `json:"expires_in"`
+}
+
+// generateCodeVerifier 生成PKCE code_verifier
+func generateCodeVerifier(length int) (string, error) {
+	const chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-._~"
+	result := make([]byte, length)
+	randomBytes := make([]byte, length)
+	
+	if _, err := rand.Read(randomBytes); err != nil {
+		return "", err
+	}
+	
+	for i := 0; i < length; i++ {
+		result[i] = chars[int(randomBytes[i])%len(chars)]
+	}
+	
+	return string(result), nil
+}
+
+// generateCodeChallenge 生成PKCE code_challenge
+func generateCodeChallenge(codeVerifier string) string {
+	hash := sha256.Sum256([]byte(codeVerifier))
+	return base64.RawURLEncoding.EncodeToString(hash[:])
+}
+
+// generateSessionID 生成会话ID
+func generateSessionID() (string, error) {
+	b := make([]byte, 16)
+	if _, err := rand.Read(b); err != nil {
+		return "", err
+	}
+	return base64.URLEncoding.EncodeToString(b), nil
+}
+
+// cleanupExpiredSessions 清理过期的PKCE会话
+func cleanupExpiredSessions() {
+	ticker := time.NewTicker(5 * time.Minute)
+	defer ticker.Stop()
+	
+	for range ticker.C {
+		pkceStore.Lock()
+		now := time.Now()
+		for id, session := range pkceStore.sessions {
+			if now.Sub(session.CreatedAt) > 10*time.Minute {
+				delete(pkceStore.sessions, id)
+			}
+		}
+		pkceStore.Unlock()
+	}
+}

internal/handler/openai.go

@@ -0,0 +1,96 @@
+package handler
+
+import (
+	"crypto/rand"
+	"encoding/hex"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"io"
+	"net/http"
+
+	"github.com/gin-gonic/gin"
+	"zencoder-2api/internal/model"
+	"zencoder-2api/internal/service"
+)
+
+type OpenAIHandler struct {
+	svc     *service.OpenAIService
+	grokSvc *service.GrokService
+}
+
+func NewOpenAIHandler() *OpenAIHandler {
+	return &OpenAIHandler{
+		svc:     service.NewOpenAIService(),
+		grokSvc: service.NewGrokService(),
+	}
+}
+
+// generateTraceID 生成一个随机的 trace ID
+func generateTraceID() string {
+	b := make([]byte, 16)
+	rand.Read(b)
+	return hex.EncodeToString(b)
+}
+
+// ChatCompletions 处理 POST /v1/chat/completions
+func (h *OpenAIHandler) ChatCompletions(c *gin.Context) {
+	body, err := io.ReadAll(c.Request.Body)
+	if err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
+		return
+	}
+
+	// 解析模型名以确定使用哪个服务
+	var req struct {
+		Model string `json:"model"`
+	}
+	if err := json.Unmarshal(body, &req); err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
+		return
+	}
+
+	// 根据模型的 ProviderID 分流
+	zenModel, exists := model.GetZenModel(req.Model)
+	if !exists {
+		// 模型不存在，返回错误
+		h.handleError(c, service.ErrNoAvailableAccount)
+		return
+	}
+	if zenModel.ProviderID == "xai" {
+		// Grok 模型使用 xAI 服务
+		if err := h.grokSvc.ChatCompletionsProxy(c.Request.Context(), c.Writer, body); err != nil {
+			h.handleError(c, err)
+		}
+		return
+	}
+
+	// 其他模型使用 OpenAI 服务
+	if err := h.svc.ChatCompletionsProxy(c.Request.Context(), c.Writer, body); err != nil {
+		h.handleError(c, err)
+	}
+}
+
+// Responses 处理 POST /v1/responses
+func (h *OpenAIHandler) Responses(c *gin.Context) {
+	body, err := io.ReadAll(c.Request.Body)
+	if err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
+		return
+	}
+
+	if err := h.svc.ResponsesProxy(c.Request.Context(), c.Writer, body); err != nil {
+		h.handleError(c, err)
+	}
+}
+
+// handleError 统一处理错误，特别是没有可用账号的错误
+func (h *OpenAIHandler) handleError(c *gin.Context, err error) {
+	if errors.Is(err, service.ErrNoAvailableAccount) || errors.Is(err, service.ErrNoPermission) {
+		traceID := generateTraceID()
+		errMsg := fmt.Sprintf("没有可用token（traceid: %s）", traceID)
+		c.JSON(http.StatusServiceUnavailable, gin.H{"error": errMsg})
+		return
+	}
+	c.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()})
+}

internal/handler/token.go

@@ -0,0 +1,270 @@
+package handler
+
+import (
+	"net/http"
+	"strconv"
+	"strings"
+	"time"
+
+	"github.com/gin-gonic/gin"
+	"zencoder-2api/internal/database"
+	"zencoder-2api/internal/model"
+	"zencoder-2api/internal/service"
+)
+
+type TokenHandler struct{}
+
+func NewTokenHandler() *TokenHandler {
+	return &TokenHandler{}
+}
+
+// ListTokenRecords 获取所有token记录
+func (h *TokenHandler) ListTokenRecords(c *gin.Context) {
+	records, err := service.GetAllTokenRecords()
+	if err != nil {
+		c.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()})
+		return
+	}
+
+	// 获取每个token的生成任务统计
+	var enrichedRecords []map[string]interface{}
+	for _, record := range records {
+		// 统计该token的任务信息
+		var taskStats struct {
+			TotalTasks    int64 `json:"total_tasks"`
+			TotalSuccess  int64 `json:"total_success"`
+			TotalFail     int64 `json:"total_fail"`
+			RunningTasks  int64 `json:"running_tasks"`
+		}
+		
+		db := database.GetDB()
+		db.Model(&model.GenerationTask{}).Where("token_record_id = ?", record.ID).Count(&taskStats.TotalTasks)
+		db.Model(&model.GenerationTask{}).Where("token_record_id = ?", record.ID).
+			Select("COALESCE(SUM(success_count), 0)").Scan(&taskStats.TotalSuccess)
+		db.Model(&model.GenerationTask{}).Where("token_record_id = ?", record.ID).
+			Select("COALESCE(SUM(fail_count), 0)").Scan(&taskStats.TotalFail)
+		db.Model(&model.GenerationTask{}).Where("token_record_id = ? AND status = ?", record.ID, "running").
+			Count(&taskStats.RunningTasks)
+
+		// 解析JWT获取用户信息
+		var email string
+		var planType string
+		var subscriptionStartDate time.Time
+		if record.Token != "" {
+			if payload, err := service.ParseJWT(record.Token); err == nil {
+				email = payload.Email
+				planType = payload.CustomClaims.Plan
+				if planType != "" {
+					planType = strings.ToUpper(planType[:1]) + planType[1:]
+				}
+				// 获取订阅开始时间
+				subscriptionStartDate = service.GetSubscriptionDate(payload)
+			}
+		}
+
+		enrichedRecord := map[string]interface{}{
+			"id":                      record.ID,
+			"description":             record.Description,
+			"generated_count":         record.GeneratedCount,
+			"last_generated_at":       record.LastGeneratedAt,
+			"auto_generate":           record.AutoGenerate,
+			"threshold":               record.Threshold,
+			"generate_batch":          record.GenerateBatch,
+			"is_active":               record.IsActive,
+			"created_at":              record.CreatedAt,
+			"updated_at":              record.UpdatedAt,
+			"token_expiry":            record.TokenExpiry,
+			"status":                  record.Status,
+			"ban_reason":              record.BanReason,
+			"email":                   email,
+			"plan_type":               planType,
+			"subscription_start_date": subscriptionStartDate,
+			"has_refresh_token":       record.RefreshToken != "",
+			"total_tasks":             taskStats.TotalTasks,
+			"total_success":           taskStats.TotalSuccess,
+			"total_fail":              taskStats.TotalFail,
+			"running_tasks":           taskStats.RunningTasks,
+		}
+		enrichedRecords = append(enrichedRecords, enrichedRecord)
+	}
+
+	c.JSON(http.StatusOK, gin.H{
+		"items": enrichedRecords,
+		"total": len(enrichedRecords),
+	})
+}
+
+// UpdateTokenRecord 更新token记录配置
+func (h *TokenHandler) UpdateTokenRecord(c *gin.Context) {
+	id := c.Param("id")
+	tokenID, err := strconv.ParseUint(id, 10, 32)
+	if err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{"error": "invalid id"})
+		return
+	}
+
+	var req struct {
+		AutoGenerate  *bool `json:"auto_generate"`
+		Threshold     *int  `json:"threshold"`
+		GenerateBatch *int  `json:"generate_batch"`
+		IsActive      *bool `json:"is_active"`
+		Description   string `json:"description"`
+	}
+
+	if err := c.ShouldBindJSON(&req); err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
+		return
+	}
+
+	updates := make(map[string]interface{})
+	if req.AutoGenerate != nil {
+		updates["auto_generate"] = *req.AutoGenerate
+	}
+	if req.Threshold != nil {
+		updates["threshold"] = *req.Threshold
+	}
+	if req.GenerateBatch != nil {
+		updates["generate_batch"] = *req.GenerateBatch
+	}
+	if req.IsActive != nil {
+		updates["is_active"] = *req.IsActive
+	}
+	if req.Description != "" {
+		updates["description"] = req.Description
+	}
+
+	if err := service.UpdateTokenRecord(uint(tokenID), updates); err != nil {
+		c.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()})
+		return
+	}
+
+	c.JSON(http.StatusOK, gin.H{"message": "updated"})
+}
+
+// GetGenerationTasks 获取生成任务历史
+func (h *TokenHandler) GetGenerationTasks(c *gin.Context) {
+	tokenRecordID := c.Query("token_record_id")
+	var tokenID uint
+	if tokenRecordID != "" {
+		id, err := strconv.ParseUint(tokenRecordID, 10, 32)
+		if err != nil {
+			c.JSON(http.StatusBadRequest, gin.H{"error": "invalid token_record_id"})
+			return
+		}
+		tokenID = uint(id)
+	}
+
+	tasks, err := service.GetGenerationTasks(tokenID)
+	if err != nil {
+		c.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()})
+		return
+	}
+
+	c.JSON(http.StatusOK, gin.H{
+		"items": tasks,
+		"total": len(tasks),
+	})
+}
+
+// TriggerGeneration 手动触发生成
+func (h *TokenHandler) TriggerGeneration(c *gin.Context) {
+	id := c.Param("id")
+	tokenID, err := strconv.ParseUint(id, 10, 32)
+	if err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{"error": "invalid id"})
+		return
+	}
+
+	if err := service.ManualTriggerGeneration(uint(tokenID)); err != nil {
+		c.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()})
+		return
+	}
+
+	c.JSON(http.StatusOK, gin.H{"message": "生成任务已触发"})
+}
+
+// GetPoolStatus 获取号池状态
+func (h *TokenHandler) GetPoolStatus(c *gin.Context) {
+	db := database.GetDB()
+	
+	var stats struct {
+		TotalAccounts   int64 `json:"total_accounts"`
+		NormalAccounts  int64 `json:"normal_accounts"`
+		CoolingAccounts int64 `json:"cooling_accounts"`
+		BannedAccounts  int64 `json:"banned_accounts"`
+		ErrorAccounts   int64 `json:"error_accounts"`
+		DisabledAccounts int64 `json:"disabled_accounts"`
+		ActiveTokens    int64 `json:"active_tokens"`
+		RunningTasks    int64 `json:"running_tasks"`
+	}
+
+	// 统计账号状态
+	db.Model(&model.Account{}).Count(&stats.TotalAccounts)
+	db.Model(&model.Account{}).Where("status = ?", "normal").Count(&stats.NormalAccounts)
+	db.Model(&model.Account{}).Where("status = ?", "cooling").Count(&stats.CoolingAccounts)
+	db.Model(&model.Account{}).Where("status = ?", "banned").Count(&stats.BannedAccounts)
+	db.Model(&model.Account{}).Where("status = ?", "error").Count(&stats.ErrorAccounts)
+	db.Model(&model.Account{}).Where("status = ?", "disabled").Count(&stats.DisabledAccounts)
+	
+	// 统计激活的token
+	db.Model(&model.TokenRecord{}).Where("is_active = ?", true).Count(&stats.ActiveTokens)
+	
+	// 统计运行中的任务
+	db.Model(&model.GenerationTask{}).Where("status = ?", "running").Count(&stats.RunningTasks)
+
+	c.JSON(http.StatusOK, stats)
+}
+
+// DeleteTokenRecord 删除token记录
+func (h *TokenHandler) DeleteTokenRecord(c *gin.Context) {
+	id := c.Param("id")
+	tokenID, err := strconv.ParseUint(id, 10, 32)
+	if err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{"error": "invalid id"})
+		return
+	}
+
+	// 开启事务，确保删除操作的原子性
+	db := database.GetDB()
+	tx := db.Begin()
+	
+	// 先删除所有关联的生成任务历史记录
+	if err := tx.Where("token_record_id = ?", tokenID).Delete(&model.GenerationTask{}).Error; err != nil {
+		tx.Rollback()
+		c.JSON(http.StatusInternalServerError, gin.H{"error": "删除关联任务失败: " + err.Error()})
+		return
+	}
+	
+	// 删除token记录本身
+	if err := tx.Delete(&model.TokenRecord{}, tokenID).Error; err != nil {
+		tx.Rollback()
+		c.JSON(http.StatusInternalServerError, gin.H{"error": "删除token记录失败: " + err.Error()})
+		return
+	}
+	
+	// 提交事务
+	if err := tx.Commit().Error; err != nil {
+		c.JSON(http.StatusInternalServerError, gin.H{"error": "提交事务失败: " + err.Error()})
+		return
+	}
+	
+	c.JSON(http.StatusOK, gin.H{"message": "token及其所有历史记录已删除"})
+}
+
+// RefreshTokenRecord 刷新token记录
+func (h *TokenHandler) RefreshTokenRecord(c *gin.Context) {
+	id := c.Param("id")
+	tokenID, err := strconv.ParseUint(id, 10, 32)
+	if err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{"error": "invalid id"})
+		return
+	}
+
+	// 调用service层的刷新函数
+	if err := service.RefreshTokenAndAccounts(uint(tokenID)); err != nil {
+		c.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()})
+		return
+	}
+
+	c.JSON(http.StatusOK, gin.H{"message": "Token刷新成功，相关账号刷新已启动"})
+}