Fix/2fa require password

[z23cc]

⚠️ 提交说明 / PR Notice

Important

• 请提供人工撰写的简洁摘要，避免直接粘贴未经整理的 AI 输出。

📝 变更描述 / Description

(简述：做了什么？为什么这样改能生效？请基于你对代码逻辑的理解来写，避免粘贴未经整理的内容)

🚀 变更类型 / Type of change

• 🐛 Bug 修复 (Bug fix) - 请关联对应 Issue，避免将设计取舍、理解偏差或预期不一致直接归类为 bug
• ✨ 新功能 (New feature) - 重大特性建议先通过 Issue 沟通
• ⚡ 性能优化 / 重构 (Refactor)
• 📝 文档更新 (Documentation)

🔗 关联任务 / Related Issue

• Closes # (如有)

✅ 提交前检查项 / Checklist

• 人工确认: 我已亲自整理并撰写此描述，没有直接粘贴未经处理的 AI 输出。
• 非重复提交: 我已搜索现有的 Issues 与 PRs，确认不是重复提交。
• Bug fix 说明: 若此 PR 标记为 Bug fix，我已提交或关联对应 Issue，且不会将设计取舍、预期不一致或理解偏差直接归类为 bug。
• 变更理解: 我已理解这些更改的工作原理及可能影响。
• 范围聚焦: 本 PR 未包含任何与当前任务无关的代码改动。
• 本地验证: 已在本地运行并通过测试或手动验证，维护者可以据此复核结果。
• 安全合规: 代码中无敏感凭据，且符合项目代码规范。

📸 运行证明 / Proof of Work

(请在此粘贴截图、关键日志或测试报告，以证明变更生效)

Summary by CodeRabbit

• New Features

  • Added navigation menus, channel preparation management, cost report tools, usage log export, and query-key reporting/testing in the admin interface.
  • Added channel preparation auto-promotion controls and a local Docker-based setup helper.
  • Expanded 2FA flows to require account-password confirmation for sensitive actions.

• Bug Fixes

  • Improved channel balance/quota management and channel listing stats.
  • Added clearer channel selection, search, and key-report behavior, including better handling of multi-key entries.

[coderabbitai]

Caution

Review failed

The pull request is closed.

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 683dce36-089d-405a-bfd1-3e9e14bc5e2d

📥 Commits

Reviewing files that changed from the base of the PR and between 3a506f5 and fb3f77a.

⛔ Files ignored due to path filters (2)

• go.sum is excluded by !**/*.sum
• web/bun.lock is excluded by !**/*.lock

📒 Files selected for processing (135)

• .github/workflows/docker-build.yml
• .github/workflows/docker-image-alpha.yml
• .github/workflows/docker-image-nightly.yml
• .gitignore
• Dockerfile
• bin/docker-local.sh
• controller/channel-billing.go
• controller/channel-test.go
• controller/channel.go
• controller/channel_batch_key_search_test.go
• controller/channel_preparation.go
• controller/channel_preparation_auto_promotion.go
• controller/channel_preparation_auto_promotion_test.go
• controller/channel_query_key.go
• controller/channel_query_key_report_test.go
• controller/channel_test_internal_test.go
• controller/cost_report.go
• controller/group.go
• controller/log.go
• controller/model_list_test.go
• controller/navigation.go
• controller/option.go
• controller/twofa.go
• docker-compose.yml
• docs/channel/channel-api.md
• docs/reviews/channel-cost-statistics-template-plan-critique-2026-06-03.md
• docs/reviews/channel-preparation-auto-promotion-plan-critique-2026-06-02.md
• docs/reviews/channel-preparation-pool-plan-critique-2026-06-02.md
• docs/reviews/usage-log-excel-export-plan-critique-2026-06-03.md
• go.mod
• main.go
• middleware/auth.go
• middleware/distributor.go
• middleware/distributor_channel_affinity_test.go
• model/channel.go
• model/channel_preparation.go
• model/channel_preparation_test.go
• model/channel_query_key_report.go
• model/channel_query_key_report_test.go
• model/cost_report.go
• model/log.go
• model/main.go
• model/navigation.go
• model/option.go
• model/option_test.go
• relay/channel/claude/relay-claude.go
• router/api-router.go
• service/channel_affinity.go
• service/cost_report/aggregation.go
• service/cost_report/classification.go
• service/cost_report/config.go
• service/cost_report/config_test.go
• service/cost_report/export_excel.go
• service/cost_report/formula_adapter.go
• service/cost_report/manual_cells.go
• service/cost_report/runs.go
• service/cost_report/service_test.go
• service/cost_report/templates.go
• service/navigation.go
• service/navigation_test.go
• service/usage_log_export/export_excel.go
• service/usage_log_export/export_excel_test.go
• service/waffo_pancake_test.go
• setting/operation_setting/channel_preparation_auto_promotion_setting.go
• setting/operation_setting/channel_preparation_auto_promotion_setting_test.go
• setting/ratio_setting/model_ratio.go
• setting/ratio_setting/model_ratio_test.go
• web/classic/package.json
• web/classic/src/App.jsx
• web/classic/src/components/layout/PageLayout.jsx
• web/classic/src/components/layout/SiderBar.jsx
• web/classic/src/components/query-key/QueryKeyPage.jsx
• web/classic/src/components/settings/personal/components/TwoFASetting.jsx
• web/classic/src/components/table/channel-preparations/AutoPromotionPanel.jsx
• web/classic/src/components/table/channel-preparations/PreparationActions.jsx
• web/classic/src/components/table/channel-preparations/PreparationColumnDefs.jsx
• web/classic/src/components/table/channel-preparations/PreparationFilters.jsx
• web/classic/src/components/table/channel-preparations/PreparationTable.jsx
• web/classic/src/components/table/channel-preparations/index.jsx
• web/classic/src/components/table/channel-preparations/modals/EditPreparationModal.jsx
• web/classic/src/components/table/channel-preparations/modals/ImportPreparationModal.jsx
• web/classic/src/components/table/channels/ChannelsColumnDefs.jsx
• web/classic/src/components/table/channels/ChannelsFilters.jsx
• web/classic/src/components/table/channels/ChannelsTable.jsx
• web/classic/src/components/table/channels/index.jsx
• web/classic/src/components/table/channels/modals/BatchImportModal.jsx
• web/classic/src/components/table/channels/modals/ColumnSelectorModal.jsx
• web/classic/src/components/table/channels/modals/EditChannelModal.jsx
• web/classic/src/components/table/cost-reports/CostReportSpreadsheetPreview.jsx
• web/classic/src/components/table/cost-reports/index.jsx
• web/classic/src/components/table/usage-logs/UsageLogsFilters.jsx
• web/classic/src/components/table/usage-logs/index.jsx
• web/classic/src/components/table/usage-logs/modals/UsageLogExportModal.jsx
• web/classic/src/helpers/auth.jsx
• web/classic/src/helpers/render.jsx
• web/classic/src/helpers/utils.jsx
• web/classic/src/hooks/channels/useChannelPreparationsData.jsx
• web/classic/src/hooks/channels/useChannelsData.jsx
• web/classic/src/hooks/common/useSidebar.js
• web/classic/src/hooks/usage-logs/useUsageLogsData.jsx
• web/classic/src/i18n/locales/en.json
• web/classic/src/i18n/locales/fr.json
• web/classic/src/i18n/locales/ja.json
• web/classic/src/i18n/locales/ru.json
• web/classic/src/i18n/locales/vi.json
• web/classic/src/i18n/locales/zh-CN.json
• web/classic/src/i18n/locales/zh-TW.json
• web/classic/src/i18n/locales/zh.json
• web/classic/src/pages/ChannelPreparation/index.jsx
• web/classic/src/pages/CostReport/index.jsx
• web/classic/src/pages/QueryKey/index.jsx
• web/default/src/components/layout/components/public-navigation.tsx
• web/default/src/components/layout/components/top-nav.tsx
• web/default/src/components/layout/types.ts
• web/default/src/features/channels/components/channels-dialogs.tsx
• web/default/src/features/channels/components/channels-primary-buttons.tsx
• web/default/src/features/channels/components/channels-provider.tsx
• web/default/src/features/channels/components/dialogs/batch-import-dialog.tsx
• web/default/src/features/channels/components/drawers/channel-mutate-drawer.tsx
• web/default/src/features/channels/lib/channel-form.ts
• web/default/src/features/system-settings/maintenance/header-navigation-section.tsx
• web/default/src/features/system-settings/site/section-registry.tsx
• web/default/src/features/usage-logs/api.ts
• web/default/src/features/usage-logs/components/common-logs-filter-bar.tsx
• web/default/src/features/usage-logs/components/dialogs/common-logs-export-dialog.tsx
• web/default/src/features/usage-logs/components/logs-filter-toolbar.tsx
• web/default/src/features/usage-logs/types.ts
• web/default/src/hooks/use-top-nav-links.ts
• web/default/src/i18n/locales/en.json
• web/default/src/i18n/locales/fr.json
• web/default/src/i18n/locales/ja.json
• web/default/src/i18n/locales/ru.json
• web/default/src/i18n/locales/vi.json
• web/default/src/i18n/locales/zh.json
• web/default/src/lib/nav-modules.ts

---

Walkthrough

This PR introduces four major new systems: a channel preparation pool with configurable auto-promotion scheduling, a cost report template/preview/export system with formula and classification engines, a hierarchical navigation menu system with RBAC visibility, and usage log XLSX export. It also adds channel key query reporting, 2FA password verification, channel affinity usability validation, Claude file type handling improvements, model ratio backfilling for claude-sonnet-4-6, and migrates all Docker image publishing from Docker Hub to GHCR.

Changes

CI/Docker Infrastructure

Layer / File(s)	Summary
GHCR workflow migration .github/workflows/docker-build.yml, .github/workflows/docker-image-alpha.yml, .github/workflows/docker-image-nightly.yml	All three Docker publishing workflows remove Docker Hub references and redirect tags, cosign signing, and multi-arch manifest creation exclusively to ghcr.io/<normalized-repo>.
Dockerfile, local dev script, and compose Dockerfile, bin/docker-local.sh, docker-compose.yml, .gitignore	Frontend build consolidated into a single frontend-builder stage with FRONTEND_THEME/FRONTEND_BUILD_GC_HEAP_SIZE args. New 457-line bin/docker-local.sh manages local Docker stack. Compose port changes to 3001:3000.

Channel Preparation Pool & Auto-Promotion

Layer / File(s)	Summary
ChannelPreparation model, settings, and channel.go extensions model/channel_preparation.go, model/channel_preparation_test.go, model/channel.go, setting/operation_setting/channel_preparation_auto_promotion_setting.go, setting/operation_setting/channel_preparation_auto_promotion_setting_test.go	ChannelPreparation struct with lifecycle/test status constants, normalization, conflict detection, and ToChannel mapping. ChannelPreparationAutoPromotionSetting with rule validation and backward-compatible strategy normalization. model/channel.go gains ChannelListStats, ApplyChannelStatusFilter, SearchChannelsByExactKeys, CreateChannelsWithTx, ResetChannelUsedQuota, and GetDistinctChannelGroups.
Preparation CRUD, import, and promotion controllers controller/channel_preparation.go, docs/reviews/channel-preparation-pool-plan-critique-2026-06-02.md	Nine Gin handlers: list/get/test/add/update/delete/import preparations and single/batch promotion. Import performs per-item validation and intra-batch duplicate detection. Promotion uses a DB transaction to atomically lock, create channels, and delete the preparation record.
Auto-promotion controller and scheduler controller/channel_preparation_auto_promotion.go, controller/channel_preparation_auto_promotion_test.go, controller/option.go, main.go, docs/reviews/channel-preparation-auto-promotion-plan-critique-2026-06-02.md	Mutex-guarded RunChannelPreparationAutoPromotion with per-rule deficit/capacity computation and three candidate selection strategies. StartChannelPreparationAutoPromotionTask starts the scheduler loop via sync.Once on master nodes. Option validation added for three auto-promotion keys. main.go wires the task at startup.
Channel search/billing/group extensions, batch key search, and routing controller/channel.go, controller/channel-billing.go, controller/channel_batch_key_search_test.go, controller/group.go, router/api-router.go, model/main.go, docs/channel/channel-api.md	SearchChannelsByKeys endpoint with chunked key lookup, type_counts, and key field clearing. GetAllChannels/SearchChannels return ChannelListStats. AddChannel/FetchModels refactored. ClearChannelUsedQuota/SetChannelBalance handlers added. GetGroups includes channel and preparation groups. Router wires all new preparation/billing routes. Comprehensive channel API documentation added.
Channel preparations frontend web/classic/src/components/table/channel-preparations/*, web/classic/src/components/layout/SiderBar.jsx, web/classic/src/App.jsx, web/classic/src/helpers/..., web/classic/src/helpers/utils.jsx	ChannelPreparationsPage assembles AutoPromotionPanel, PreparationActions, PreparationFilters, PreparationTable, EditPreparationModal, and ImportPreparationModal. Sidebar entry and routes added. buildGroupOptions helper added to utils.
Channel table: balance editing, batch import, and quota stats web/classic/src/components/table/channels/*	ChannelsColumnDefs adds balance edit modal with InputNumber and clears used quota. ChannelsFilters shows total/remaining quota badges and batch import button. BatchImportModal implements per-line Anthropic channel creation with progress tracking and result display.

Cost Report System

Layer / File(s)	Summary
Cost report models and template config DSL model/cost_report.go, service/cost_report/config.go, service/cost_report/config_test.go, docs/reviews/channel-cost-statistics-template-plan-critique-2026-06-03.md	Five GORM model structs for templates, versions, runs, row snapshots, and manual cells. ValidateTemplateConfig enforces timezone, field kinds, formula cycle detection via DFS, and classification rule validation. DefaultClaudeCostTemplateConfig returns a built-in Claude cost template. EnsureDefaultTemplates upserts versioned defaults idempotently.
Aggregation preview, classification, and formula adapter service/cost_report/aggregation.go, service/cost_report/classification.go, service/cost_report/formula_adapter.go	Service.Preview scans consume logs in batches, builds dimension/metric row accumulators, applies manual defaults and persisted overrides, sorts, and evaluates formulas. Classify evaluates ordered rules with condition groups and operators including regex/in/contains. formulaEvaluator compiles expr programs, resolves dependencies topologically, and evaluates per-row with running partitions.
Templates, runs, manual cells, and Excel export service/cost_report/templates.go, service/cost_report/runs.go, service/cost_report/manual_cells.go, service/cost_report/export_excel.go, service/cost_report/service_test.go	SaveTemplate creates versioned templates with archiving. SaveRunFromPreview persists run and row snapshots in a transaction. UpsertManualCell/ReadManualCells provide typed ON CONFLICT upsert. ExportRunXLSX generates XLSX with data/meta sheets. Service tests cover all paths including e2e export and log scan ordering.
Cost report controller, router, migrations, and deps controller/cost_report.go, router/api-router.go, model/main.go, go.mod, web/classic/package.json	Fourteen Gin handlers under /api/cost_reports (RootAuth). Router wired. Navigation and cost-report tables migrated with seedDefaultNavigation. excelize/v2 added to go.mod; jspreadsheet-ce/jsuites added to package.json.
Cost reports frontend with spreadsheet preview web/classic/src/components/table/cost-reports/index.jsx, web/classic/src/components/table/cost-reports/CostReportSpreadsheetPreview.jsx, web/classic/src/App.jsx, web/classic/src/helpers/auth.jsx	CostReportsPage manages template selection, field config editing with validation, preview generation, manual cell editing, snapshot saving/viewing, and XLSX export. CostReportSpreadsheetPreview renders jspreadsheet-ce with editable manual cells. RootRoute auth guard added; /console/cost-reports route wired.

Navigation System

Layer / File(s)	Summary
Navigation models, service tree/cache/visibility, and tests model/navigation.go, service/navigation.go, service/navigation_test.go	Four GORM structs with cascade deletes. NavigationService provides RBAC-filtered tree with allow/deny visibility rules, multi-step locale label fallback, and in-memory RW-locked cache. Tests cover URL validation, visibility filtering for multiple roles/groups, and label fallback.
Navigation admin CRUD controller, DB migration, and seeding controller/navigation.go, model/main.go, router/api-router.go	Eleven admin handlers for menu/item CRUD and item reordering, each invalidating cache. Transactions handle translation/rule recreation and child node re-parenting. seedDefaultNavigation populates default top nav with per-locale translations on first run.

Feature Additions

Layer / File(s)	Summary
Channel query key report model/channel_query_key_report.go, model/channel_query_key_report_test.go, controller/channel_query_key.go, controller/channel_query_key_report_test.go, web/classic/src/components/query-key/QueryKeyPage.jsx	BuildChannelQueryKeyReport queries Channel and ChannelPreparation in batches, computes per-key quota/amount/over-brush metrics with shared multi-key handling. Controller exposes report and single-key test endpoints. QueryKeyPage renders bucket filtering, TSV copy, and concurrency-limited batch testing.
Usage log XLSX export model/log.go, controller/log.go, service/usage_log_export/export_excel.go, service/usage_log_export/export_excel_test.go, web/classic/src/components/table/usage-logs/...	GetLogsForExportBatch cursor-paginates logs for export. BuildXLSX streams logs to Excel with field groups, admin-only filtering, and secret redaction in other_json. UsageLogExportModal renders grouped field checkboxes with blob download. Export routes added for admin and user scopes.
2FA password verification controller/twofa.go, web/classic/src/components/settings/personal/components/TwoFASetting.jsx	verifyAccountPasswordForTwoFA validates account password before Setup2FA, Enable2FA, and Disable2FA proceed. Frontend adds a pre-setup password modal and passes password in all 2FA mutation payloads.
Channel affinity usability validation service/channel_affinity.go, middleware/distributor.go, middleware/distributor_channel_affinity_test.go	GetUsablePreferredChannelByAffinity validates cached channel's enabled status and group eligibility, clearing affinity cache on failure. Distribute middleware simplified to a single call. Tests verify reselection when affinity targets disabled or model-mismatched channels.
Channel test model, Claude file types, model ratio backfill, and misc controller/channel-test.go, relay/channel/claude/relay-claude.go, model/option.go, model/option_test.go, setting/ratio_setting/model_ratio.go, middleware/auth.go, controller/model_list_test.go, service/waffo_pancake_test.go	resolveChannelTestModel adds Anthropic-specific preferred model selection. Claude relay maps ContentTypeFile to document/text/image types by MIME. backfillRequiredModelRatioOptions seeds claude-sonnet-4-6 ratio. TryUserAuth adds nil guards. Test helpers restore global DB pointers.

Sequence Diagram(s)

sequenceDiagram
  participant Scheduler as AutoPromotion Scheduler
  participant RunFn as RunChannelPreparationAutoPromotion
  participant DB as Database
  participant Preparation as ChannelPreparation
  participant ChannelCache as Channel Cache

  Scheduler->>RunFn: trigger="scheduler"
  RunFn->>RunFn: TryLock (reject if already running)
  loop per configured rule
    RunFn->>DB: compute effective capacity (enabled channels balance - used quota)
    RunFn->>DB: compute count deficit vs MinimumUsableChannelCount
    alt shortage detected
      RunFn->>DB: load pending preparations (group/type/balance filter)
      RunFn->>RunFn: chooseCandidate (SmallBalance/LargeBalance/PriorityWeighted)
      RunFn->>Preparation: promoteChannelPreparation (DB transaction)
      Preparation->>DB: lock row, status→promoting, create channels, delete preparation
      Preparation-->>RunFn: channelID
      RunFn->>ChannelCache: InitChannelCache + ResetProxyClientCache
    else no shortage or no candidate
      RunFn->>RunFn: break rule loop
    end
  end
  RunFn-->>Scheduler: RunSummary (promotions, limit_reached)

Loading

Estimated code review effort

🎯 5 (Critical) | ⏱️ ~180+ minutes

Possibly related PRs

• QuantumNous/new-api#1487: Introduces the initial 2FA TOTP/backup code support in controller/twofa.go; this PR extends those handlers with mandatory account password verification.
• QuantumNous/new-api#2669: Introduces the channel-affinity cache subsystem that this PR refactors by extracting usability validation into GetUsablePreferredChannelByAffinity and simplifying the distributor middleware.
• QuantumNous/new-api#1360: Introduces multi-key channel key handling that this PR builds upon in BuildChannelQueryKeyReport and SearchChannelsByExactKeys parsing logic.

Suggested labels

enhancement

Suggested reviewers

• Calcium-Ion
• seefs001

Poem

🐰 A rabbit hops through code so vast,
New channels staged, promotions cast,
Cost reports bloom with formula art,
Navigation trees — each item, a chart!
GHCR now the only home,
This bunny's proud of all you've grown! 🌟

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

⚔️ Resolve merge conflicts

• Resolve merge conflict in branch fix/2fa-require-password

Warning

There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure.

🔧 ast-grep (0.44.0)

web/classic/src/components/table/channels/modals/EditChannelModal.jsx

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands.}