lzt/new-api
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
b2e62a44eee467a24e4069db3181d8f03fc4c7db
new-api/model
T
History
CaIon b2e62a44ee fix(topup): harden top-up search against DoS and cap user queries to 30 days 
Apply the same LIKE sanitization used for token search to SearchUserTopUps
and SearchAllTopUps (reject %%, cap % count, require >=2 stripped chars,
use ESCAPE '!') and bound COUNT with a 10000-row hard limit to avoid
unbounded full-table scans.

Also restrict user-facing list and search (GetUserTopUps, SearchUserTopUps)
to records within the last 30 days via create_time. Admin endpoints
(GetAllTopUps, SearchAllTopUps) remain unrestricted.
2026-04-18 00:01:03 +08:00
..
ability.go
feat: add special user usable group setting
2025-10-28 23:25:43 +08:00
channel_cache.go
refactor(channel_cache): improve channel selection logic by handling zero total weight and removing unnecessary variable
2025-10-29 21:49:06 +08:00
channel_satisfy.go
feat: channel affinity (#2669)
2026-01-26 19:57:41 +08:00
channel.go
feat(channel): add error handling for SaveWithoutKey when channel ID is 0
2025-12-20 13:26:40 +08:00
checkin.go
feat(checkin): add check-in functionality with status retrieval and user quota rewards
2026-01-02 23:00:33 +08:00
custom_oauth_provider.go
imporve oauth provider UI/UX (#2983)
2026-02-22 15:41:29 +08:00
db_time.go
feat: add subscription billing system (#2808)
2026-02-03 17:40:43 +08:00
errors.go
fix: harden token auth error handling to prevent info leakage
2026-04-12 17:39:00 +08:00
log.go
feat(topup): add admin-only audit info to top-up logs
2026-04-17 23:51:30 +08:00
main.go
fix: enhance migrateTokenModelLimitsToText function to return errors and improve migration checks
2026-02-28 19:08:03 +08:00
midjourney.go
refactor(task): enhance UpdateWithStatus for CAS updates and add integration tests
2026-02-22 16:01:19 +08:00
missing_models.go
🖼️ chore: format code file
2025-08-10 12:11:31 +08:00
model_extra.go
🚀 perf: optimize model management APIs, unify pricing types as array, and remove redundancies
2025-08-11 14:40:01 +08:00
model_meta.go
fix(model): 解决模型创建和更新时零值字段被默认值覆盖的问题
2026-02-03 13:32:14 +08:00
option.go
feat: 支持强制使用 AUTH LOGIN 以解决 outlook 等邮箱的发件问题 (#4112)
2026-04-08 16:53:10 +08:00
passkey.go
format: package name -> github.com/QuantumNous/new-api (#2017)
2025-10-11 15:30:09 +08:00
prefill_group.go
format: package name -> github.com/QuantumNous/new-api (#2017)
2025-10-11 15:30:09 +08:00
pricing_default.go
feat(pricing): add default vendor icons with LobeHub color support
2025-08-29 23:42:33 +08:00
pricing_refresh.go
🖼️ chore: format code file
2025-08-10 12:11:31 +08:00
pricing.go
fix: unify pricing labels and expand marketplace pricing display
2026-03-06 22:33:51 +08:00
redemption.go
fix: harden token auth error handling to prevent info leakage
2026-04-12 17:39:00 +08:00
setup.go
feat: Implement system setup functionality
2025-04-03 18:57:15 +08:00
subscription.go
chore: Improve subscription billing fallback and UI states
2026-02-07 00:57:36 +08:00
task_cas_test.go
refactor(task): enhance UpdateWithStatus for CAS updates and add integration tests
2026-02-22 16:01:19 +08:00
task.go
fix: support vertex multi-key task fetch in content proxy
2026-02-27 17:07:10 +08:00
token_cache.go
format: package name -> github.com/QuantumNous/new-api (#2017)
2025-10-11 15:30:09 +08:00
token.go
fix(user): invalidate user and token caches when disabling user
2026-04-17 23:58:45 +08:00
topup.go
fix(topup): harden top-up search against DoS and cap user queries to 30 days
2026-04-18 00:01:03 +08:00
twofa.go
fix: harden token auth error handling to prevent info leakage
2026-04-12 17:39:00 +08:00
usedata.go
feat(dashboard): add admin user analytics and fix chart labels
2026-04-08 15:44:01 +08:00
user_cache.go
fix(user): invalidate user and token caches when disabling user
2026-04-17 23:58:45 +08:00
user_oauth_binding.go
fix(oauth): enhance error handling and transaction management for OAuth user creation and binding
2026-02-05 21:48:05 +08:00
user.go
fix: harden token auth error handling to prevent info leakage
2026-04-12 17:39:00 +08:00
utils.go
format: package name -> github.com/QuantumNous/new-api (#2017)
2025-10-11 15:30:09 +08:00
vendor_meta.go
format: package name -> github.com/QuantumNous/new-api (#2017)
2025-10-11 15:30:09 +08:00