447 Commits

Author SHA1 Message Date
EUForest
17163486f6 fix(subscribe): fix user subscription node retrieval logic to support directly assigned nodes 2026-03-10 18:29:19 +08:00
EUForest
884310d951 feat(routes): register admin authentication and captcha endpoints
- Register /v1/auth/captcha/generate route for user captcha
- Register /v1/auth/admin/login route for admin login
- Register /v1/auth/admin/reset-password route for admin password reset
- Register /v1/auth/admin/captcha/generate route for admin captcha
- Add admin authentication route group
2026-03-09 22:56:20 +08:00
EUForest
3ca471f58c refactor(auth): move captcha verification from handler to logic layer
- Remove duplicate captcha verification from user login handler
- Remove duplicate captcha verification from user register handler
- Remove duplicate captcha verification from password reset handler
- Remove duplicate captcha verification from phone login handler
- Remove duplicate captcha verification from phone register handler
- Update phone reset password handler structure
- Improve separation of concerns between handler and logic layers
- Handlers now only handle HTTP request/response, logic handles business rules
2026-03-09 22:56:07 +08:00
EUForest
fae77a8954 feat(auth): add captcha verification to phone authentication
- Add verifyCaptcha method to phone login logic
- Add verifyCaptcha method to phone registration logic
- Support both local and Turnstile captcha verification
- Check EnableUserLoginCaptcha for phone login
- Check EnableUserRegisterCaptcha for phone registration
- Validate captcha before processing phone authentication
2026-03-09 22:55:23 +08:00
EUForest
cea3e31f3a feat(auth): add captcha verification to user email authentication
- Add verifyCaptcha method to user login logic
- Add verifyCaptcha method to user registration logic
- Add verifyCaptcha method to password reset logic
- Support both local and Turnstile captcha verification
- Check respective configuration flags before verification
- Validate captcha code and ID for local captcha
- Validate Turnstile token for Turnstile mode
2026-03-09 22:55:08 +08:00
EUForest
9aaffec61d feat(auth): add admin authentication with permission checks
- Add admin login handler and logic with IsAdmin verification
- Add admin password reset handler and logic
- Add admin captcha generation handler and logic
- Implement device binding for admin login
- Add login logging for admin authentication
- Check EnableAdminLoginCaptcha configuration
- Separate admin authentication from user authentication
- Verify admin permission before allowing access
2026-03-09 22:54:59 +08:00
EUForest
2afb86f973 feat(auth): add user captcha generation endpoint
- Add handler for /v1/auth/captcha/generate endpoint
- Implement captcha generation logic based on configuration
- Support local image captcha generation with Redis storage
- Return Turnstile site key for Turnstile mode
- Check EnableUserLoginCaptcha configuration
2026-03-09 22:54:47 +08:00
EUForest
5727708bbd feat(config): add captcha configuration to global config response
- Add CaptchaType field to verify config
- Add EnableUserLoginCaptcha field
- Add EnableUserRegisterCaptcha field
- Add EnableAdminLoginCaptcha field
- Add EnableUserResetPasswordCaptcha field
- Expose captcha configuration to frontend
2026-03-09 22:54:33 +08:00
EUForest
f224d09d09 feat(types): update request types with captcha fields
- Add CaptchaId and CaptchaCode to UserLoginRequest
- Add CaptchaId and CaptchaCode to UserRegisterRequest
- Add CaptchaId and CaptchaCode to ResetPasswordRequest
- Add CaptchaId and CaptchaCode to TelephoneLoginRequest
- Add CaptchaId and CaptchaCode to TelephoneUserRegisterRequest
- Add CaptchaId and CaptchaCode to TelephoneResetPasswordRequest
- Add GenerateCaptchaResponse type
- Add AdminLoginRequest and AdminResetPasswordRequest types
2026-03-09 22:54:21 +08:00
EUForest
eb327b26b9 feat(api): add captcha fields and admin authentication endpoints
- Add CaptchaId and CaptchaCode fields to login/register/reset requests
- Add /v1/auth/captcha/generate endpoint for user captcha generation
- Add /v1/auth/admin/login endpoint for admin authentication
- Add /v1/auth/admin/reset-password endpoint for admin password reset
- Add /v1/auth/admin/captcha/generate endpoint for admin captcha generation
- Update GlobalConfigResponse with new verify configuration fields
- Add GenerateCaptchaResponse type for captcha generation
2026-03-09 22:54:08 +08:00
EUForest
0f6fddc36d feat(error): add PermissionDenied error code
- Add error code 40008 for permission denied scenarios
- Add corresponding error message for admin permission checks
2026-03-09 22:53:59 +08:00
EUForest
2fd22c97e0 feat(migration): add captcha configuration migration
- Add CaptchaType field for selecting captcha implementation
- Add EnableUserLoginCaptcha for user login verification
- Add EnableUserRegisterCaptcha for user registration verification
- Add EnableAdminLoginCaptcha for admin login verification
- Add EnableUserResetPasswordCaptcha for password reset verification
- Remove deprecated EnableLoginVerify, EnableRegisterVerify, EnableResetPasswordVerify fields
- Support rollback with down migration
2026-03-09 22:53:45 +08:00
EUForest
36119b842c build(deps): add base64Captcha library for local captcha generation
- Add github.com/mojocn/base64Captcha v1.3.6
- Add github.com/golang/freetype v0.0.0-20170609003504-e2365dfdc4a0 (indirect)
- Add golang.org/x/image v0.23.0 (indirect)
2026-03-09 22:53:34 +08:00
EUForest
0dbcff85f1 feat(captcha): add captcha service interface and implementations
- Add captcha service interface with Generate and Verify methods
- Implement local image captcha using base64Captcha library
- Implement Cloudflare Turnstile verification wrapper
- Support Redis-based captcha storage with 5-minute expiration
- Add factory method for creating captcha service instances
2026-03-09 22:53:13 +08:00
EUForest
fae8787ff4 Merge branch 'master' of https://github.com/OmnTeam/ppanel-server 2026-03-08 23:24:05 +08:00
EUForest
39310d5b9a Features:
- Node group CRUD operations with traffic-based filtering
  - Three grouping modes: average distribution, subscription-based, and traffic-based
  - Automatic and manual group recalculation with history tracking
  - Group assignment preview before applying changes
  - User subscription group locking to prevent automatic reassignment
  - Subscribe-to-group mapping configuration
  - Group calculation history and detailed reports
  - System configuration for group management (enabled/mode/auto_create)

  Database:
  - Add node_group table for group definitions
  - Add group_history and group_history_detail tables for tracking
  - Add node_group_ids (JSON) to nodes and subscribe tables
  - Add node_group_id and group_locked fields to user_subscribe table
  - Add migration files for schema changes
2026-03-08 23:22:38 +08:00
EUForest
e215ffcae9 fix(subscribe): invalidate user subscription cache when plan is updated
When administrators update subscription plan configurations (traffic limits,
nodes, speed limits, etc.), existing subscribers were not seeing the updated
settings immediately. This was caused by stale cache entries that were not
being invalidated.

The issue occurred because:
- User subscription queries cache the entire result including preloaded plan details
- Plan update/delete operations only cleared the plan's own cache keys
- User subscription cache keys (cache:user:subscribe:user:{userId}) remained stale

This fix ensures that when a subscription plan is updated or deleted, all
associated user subscription caches are properly invalidated by:
- Querying all active users subscribed to the plan
- Building cache keys for each affected user
- Clearing both plan and user subscription caches atomically

Users will now immediately see updated plan configurations without waiting
for cache expiration.
2026-03-06 13:26:31 +08:00
EUForest
7d46b31866 fix bug: delete user subscribe 2026-02-14 00:41:24 +08:00
EUForest
31e75efacb Merge upstream/master into master 2026-02-13 23:06:43 +08:00
EUForest
2d4d926924 Merge branch 'master' of https://github.com/OmnTeam/ppanel-server 2026-02-13 21:41:36 +08:00
EUForest
7197f5dcf6 feat(stripe): update webhook event construction to ignore API version mismatches 2026-02-11 17:29:53 +08:00
EUForest
9ad602aabe fix(migration): remove IF NOT EXISTS for MySQL compatibility
Remove IF NOT EXISTS clause from CREATE INDEX statement to ensure
compatibility with older MySQL versions. Migration framework ensures
each migration runs only once, making the clause unnecessary.
2026-02-10 00:45:17 +08:00
EUForest
bacdf2f301 fix(migration): correct SQL syntax for traffic_log index creation
Change ALTER TABLE ADD INDEX IF NOT EXISTS to CREATE INDEX IF NOT EXISTS
to comply with MySQL syntax requirements. The IF NOT EXISTS clause is
only supported with CREATE INDEX statement, not with ALTER TABLE ADD INDEX.
2026-02-10 00:25:40 +08:00
EUForest
0883fb9370 fix(ci): handle existing releases and assets in deploy workflow
- Check if release exists before creating
- Delete old assets if they exist
- Use --clobber flag to overwrite existing assets
- Prevent 'already exists' errors on tag force-push
2026-02-09 01:12:20 +08:00
EUForest
34372fe0b3 fix(redemption): enhance redemption code flow with transaction safety and idempotency
This commit addresses critical issues in the redemption code activation flow
to ensure data consistency, prevent duplicate redemptions, and improve user
experience.

Key improvements:

1. Transaction Safety (P0)
   - Wrap subscription creation, used count update, and record insertion in
     a single database transaction
   - Ensure atomicity: all operations succeed or all rollback
   - Prevent orphaned records and data inconsistencies

2. Idempotency Protection (P0)
   - Add redemption record check before processing to prevent duplicate
     operations on queue task retries
   - Maintain idempotency at multiple layers: interface, order, and record

3. Distributed Lock (P1)
   - Implement Redis-based distributed lock (10s timeout) to prevent
     concurrent duplicate redemptions
   - Lock key format: redemption_lock:{user_id}:{code}

4. IsNew Field Correction (P2)
   - Fix IsNew field to correctly determine first-time purchases using
     IsUserEligibleForNewOrder method
   - Ensure accurate statistics and future commission calculations

5. Quota Pre-check (P2)
   - Add quota validation at interface layer for immediate user feedback
   - Prevent "processing" status followed by eventual failure

6. Extended Cache TTL (P2)
   - Increase Redis cache expiration from 30 minutes to 2 hours
   - Ensure queue tasks can retrieve redemption data even with delays

7. Error Handling (P2)
   - Clean up Order records when Redis cache or queue enqueue fails
   - Prevent orphaned Order records in the database

8. Cache Clearing Optimization
   - Add user subscription cache clearing after activation
   - Ensure both node-side and user-side display latest subscription info

Technical details:
- Modified: internal/logic/public/redemption/redeemCodeLogic.go
- Modified: queue/logic/order/activateOrderLogic.go
- Modified: internal/model/redemption/default.go (transaction support)

Testing:
- All changes compiled successfully
- Comprehensive flow verification completed
- Ready for production deployment

BREAKING CHANGE: None
2026-02-09 01:07:39 +08:00
EUForest
8022710720 update: config file 2026-02-08 21:27:40 +08:00
Chang lue Tsen
b6a1739efa refactor(routes): rename server group router for clarity and consistency 2026-02-08 06:47:06 -05:00
Chang lue Tsen
ea94f3c9f9 feat(stripe): update webhook event construction to ignore API version mismatches 2026-02-08 06:43:34 -05:00
Chang lue Tsen
701d47ed21 feat(order): add validation for quantity and amount limits in order requests 2026-02-08 06:41:23 -05:00
EUForest
7e08a07e29 fix: resolve balance payment issue with coupon and fee calculation
This commit fixes the inconsistent calculation logic between order preview
and actual order creation, which caused balance payment failures when using
coupons.

Changes:
- Standardized fee calculation order in both preCreateOrderLogic and purchaseLogic
- Moved gift amount deduction after fee calculation to ensure correct total
- Removed premature gift amount deduction before transaction in purchaseLogic
- Gift amount is now only deducted within the database transaction

The calculation order is now unified:
1. Apply coupon discount
2. Calculate handling fee based on post-coupon amount
3. Deduct gift amount from total (including fee)

This ensures the preview amount matches the actual payment amount.
2026-02-06 23:14:04 +08:00
EUForest
64023dfd1d update: redis config 2026-01-31 12:08:56 +08:00
EUForest
37200698ab update: redis config 2026-01-31 12:08:12 +08:00
EUForest
ffe589ff77 feat: Device short code lookup 2026-01-31 11:52:09 +08:00
5f1a546bbe fix: resolve trial subscription cache issue on new user registration
When new users register with trial subscription enabled, the subscription
link fails to connect in Clash clients. This is caused by missing cache
invalidation after transaction commit.

Changes:
- Add cache clearing after successful trial subscription creation
- Clear user subscription cache, subscription details cache, and server cache
- Modify activeTrial functions to return subscription object for cache clearing
- Apply fix to all registration methods: email, phone, device, and OAuth

This ensures subscription links work immediately after registration without
requiring manual subscription reset.
2026-01-22 23:57:15 +07:00
EUForest
5f55b1242e fix: resolve order queue loss issue with retry mechanism and idempotency
- Fix task error handling: return actual errors instead of nil to enable retry
- Add idempotency check: skip processing for already finished orders
- Extend temp order cache: increase from 15 minutes to 24 hours
- Configure retry policy: add MaxRetry(5) for all payment callbacks (Epay, Alipay, Stripe)

This fixes the critical issue where paid orders were being lost due to:
1. Failed tasks being marked as successful and deleted from queue
2. Temporary order info expiring before queue processing
3. No retry mechanism for transient failures

Changes:
- queue/logic/order/activateOrderLogic.go: Fix error returns and add idempotency
- internal/logic/public/portal/purchaseLogic.go: Extend cache to 24 hours
- internal/logic/notify/*NotifyLogic.go: Add retry configuration
2026-01-12 18:30:42 +08:00
EUForest
7d4a19c9a3 fix: add quota limit check to prevent subscription bypass
- Add quota check in preCreateOrderLogic for order preview
- Move quota check inside transaction in purchaseLogic to prevent race condition
- Add quota check in activateOrderLogic as final safeguard when creating subscription
- Add quota check in redeemCodeLogic when redeeming codes for new subscriptions
2026-01-10 21:18:26 +08:00
EUForest
2a1ae2e1cc feat: add index on user.refer_code for faster invite code lookup
- Add idx_refer_code index to improve query performance
- Prevents full table scan when validating invite codes during registration
2026-01-10 20:37:24 +08:00
EUForest
3359704a45 feat: add short_code field to device login API
- Add optional short_code parameter to DeviceLoginRequest
- Add ShortCode field to Device model
- Save short_code to database during device registration
- Add database migration for user_device.short_code column
- Fix duplicate variable declaration in routes.go
2026-01-10 18:11:24 +08:00
Chang lue Tsen
1995987f00 feat(config): add PaddingScheme to configuration and update server config logic 2026-01-07 09:39:10 -05:00
Chang lue Tsen
7d84cf858b fix(currency): initialize exchange rate to 0 and improve error logging in purchase checkout 2026-01-07 09:35:52 -05:00
Chang lue Tsen
58caa497c3 fix(exchange): update exchange rate API endpoint and adjust request parameters 2026-01-07 09:35:09 -05:00
EUForest
ed669d0620 feat: remove v prefix from service version and disable SECRET_KEY check 2026-01-07 14:40:07 +08:00
EUForest
076e5e584b fix: use underscore in build time to avoid ldflags parsing error 2026-01-07 14:27:41 +08:00
EUForest
d3e18af08e fix: correct ldflags for version and build time 2026-01-07 14:25:55 +08:00
EUForest
69ec491d0a fix bug: Restore WS connection 2026-01-07 01:23:40 +08:00
EUForest
d2e9a837cc Merge upstream changes and release v1.3.1 2026-01-06 18:53:52 +08:00
EUForest
f452838c63 Merge upstream/master into develop 2026-01-06 18:52:28 +08:00
EUForest
3eb40bd5e4 chore: simplify build workflow for v1.3 2026-01-06 17:10:41 +08:00
EUForest
8a804eec0c chore: simplify build workflow for v1.3 2026-01-06 17:02:31 +08:00
EUForest
8f783b162c feat: redemption code 2026-01-06 16:24:24 +08:00