Upload 24 files

Dockerfile

@@ -0,0 +1,12 @@
+FROM python:3.11-slim
+
+WORKDIR /app
+
+COPY requirements.txt .
+RUN pip install --no-cache-dir -r requirements.txt
+
+COPY . .
+
+EXPOSE 8081
+
+CMD ["uvicorn", "src.main:app", "--host", "0.0.0.0", "--port", "8081"]

README.md

@@ -1,11 +1,257 @@
----
-title: Ob12api
-emoji: 🐠
-colorFrom: blue
-colorTo: pink
-sdk: docker
-pinned: false
-app_port: 8081
----
-
-Check out the configuration reference at https://huggingface.co/docs/hub/spaces-config-reference
+<div align="center">
+
+# OB1-2API
+
+**将 [OB-1](https://openblocklabs.com) AI 服务转为 OpenAI 兼容 API**
+
+[快速开始](#快速开始) | [功能特性](#功能特性) | [配置说明](#配置说明) | [API 文档](#api-接口)
+
+</div>
+
+## 功能特性
+
+- 🔄 **OpenAI 兼容** — `/v1/chat/completions`、`/v1/models`，直接对接主流客户端
+- 🤖 **Anthropic Messages API** — `/v1/messages`，兼容 Claude Code 等 Anthropic 原生客户端
+- 👥 **多账号轮换** — 缓存优先 / 平衡轮换 / 性能优先三种调度策略
+- 🔐 **自动 Token 管理** — 基于 WorkOS OAuth 设备授权，自动续期，401 即时重试
+- 📡 **流式输出** — 完整 SSE 流式响应，实时返回生成内容
+- 🖥️ **Web 管理面板** — 账号、API Key、系统设置、设备授权一站式操作
+- ⚡ **热重载配置** — 后台修改即时生效，无需重启服务
+- 🌐 **代理支持** — HTTP 代理配置，可视化连通性测试
+
+## 快速开始
+
+### 直接运行
+
+```bash
+# 克隆项目
+git clone https://github.com/longnghiemduc6-art/ob12api.git
+cd ob12api
+
+# 安装依赖
+pip install -r requirements.txt
+
+# 启动服务
+python main.py
+```
+
+### Docker 部署
+
+```bash
+docker run -d \
+  --name ob12api \
+  -p 8081:8081 \
+  -v ./config:/app/config \
+  -v ./data:/app/data \
+  ob12api
+```
+
+### Docker Compose
+
+```yaml
+version: '3.8'
+services:
+  ob12api:
+    build: .
+    ports:
+      - "8081:8081"
+    volumes:
+      - ./config:/app/config
+      - ./data:/app/data
+    restart: unless-stopped
+```
+
+服务启动后访问 `http://localhost:8081` 进入管理面板。
+
+## 配置说明
+
+编辑 `config/setting.toml`：
+
+```toml
+[global]
+api_key = "your-api-key"          # 客户端调用使用的 API Key
+
+[server]
+host = "0.0.0.0"
+port = 8081
+
+[admin]
+username = "admin"
+password = "admin"                 # ⚠️ 请务必修改默认密码
+
+[proxy]
+url = ""                           # HTTP 代理地址（可选）
+
+[ob1]
+rotation_mode = "cache-first"      # 调度模式：cache-first / balanced / performance
+
+[logging]
+level = "INFO"                     # 日志级别：DEBUG / INFO / WARNING / ERROR
+```
+
+## 添加账号
+
+进入管理面板后，支持两种方式添加 OB-1 账号：
+
+| 方式 | 说明 |
+|------|------|
+| **设备授权** | 点击「设备授权」按钮，获取授权码后在 OB-1 网站完成授权 |
+| **JSON 导入** | 批量导入已有账号的 JSON 数据 |
+
+## 调度模式
+
+| 模式 | 策略 | 适用场景 |
+|------|------|----------|
+| `cache-first` | 优先使用上次成功的账号，减少切换开销 | 稳定使用 |
+| `balanced` | 轮流使用各账号，均衡分配请求负载 | 日常使用，延长账号寿命 |
+| `performance` | 随机选择可用账号，分散请求压力 | 高并发场景 |
+
+## API 接口
+
+### 获取模型列表
+
+```bash
+curl http://localhost:8081/v1/models \
+  -H "Authorization: Bearer your-api-key"
+```
+
+### 对话补全（流式）
+
+```bash
+curl http://localhost:8081/v1/chat/completions \
+  -H "Authorization: Bearer your-api-key" \
+  -H "Content-Type: application/json" \
+  -d '{
+    "model": "anthropic/claude-sonnet-4",
+    "messages": [{"role": "user", "content": "Hello"}],
+    "stream": true
+  }'
+```
+
+### 对话补全（非流式）
+
+```bash
+curl http://localhost:8081/v1/chat/completions \
+  -H "Authorization: Bearer your-api-key" \
+  -H "Content-Type: application/json" \
+  -d '{
+    "model": "anthropic/claude-sonnet-4",
+    "messages": [{"role": "user", "content": "Hello"}],
+    "stream": false
+  }'
+```
+
+## 项目结构
+
+```
+ob12api/
+├── main.py                  # 启动入口
+├── requirements.txt         # Python 依赖
+├── config/
+│   ├── setting.toml         # 配置文件
+│   ├── accounts.json        # 账号数据（自动生成）
+│   └── api_keys.json        # API Key 数据（自动生成）
+├── data/
+│   └── tokens.json          # OAuth Token 存储
+├── src/
+│   ├── main.py              # FastAPI 应用
+│   ├── api/
+│   │   ├── routes.py        # OpenAI 兼容路由
+│   │   └── admin.py         # 管理后台接口
+│   ├── core/
+│   │   ├── config.py        # 配置加载（热重载）
+│   │   ├── auth.py          # 认证鉴权
+│   │   ├── models.py        # 请求/响应模型
+│   │   └── logger.py        # 日志系统
+│   └── services/
+│       ├── token_manager.py # Token 生命周期管理
+│       ├── ob1_client.py    # OB-1 API 客户端
+│       └── api_key_manager.py # API Key 管理
+└── static/                  # 管理面板前端资源
+```
+
+## ���见问题
+
+### Docker 相关
+
+**Q: Docker 部署后设备授权报错 400**
+
+确保容器能访问外网（WorkOS API）。如需代理，在 `config/setting.toml` 中配置：
+
+```toml
+[proxy]
+url = "http://your-proxy:7890"
+```
+
+或在 Docker 启动时传入网络代理环境变量。
+
+**Q: Docker 重启后管理面板需要重新登录**
+
+这是正常现象。管理面板的 JWT 密钥在每次进程启动时重新生成，重启后旧 Token 失效，重新登录即可。
+
+**Q: Docker 挂载卷后配置不生效**
+
+确认挂载路径正确，配置文件应在宿主机的 `./config/setting.toml`：
+
+```bash
+docker run -d -p 8081:8081 \
+  -v ./config:/app/config \
+  -v ./data:/app/data \
+  ob12api
+```
+
+### 启动报错
+
+**Q: 启动时报 `FileNotFoundError` 或 `KeyError`**
+
+缺少配置文件或配置项不完整。确保 `config/setting.toml` 存在且包含必要字段（`[global]`、`[server]`、`[ob1]`）。可参考上方 [配置说明](#配置说明)。
+
+**Q: 启动时报 `JSONDecodeError`**
+
+`config/accounts.json` 或 `data/tokens.json` 文件损坏。删除对应文件后重启，系统会自动重建：
+
+```bash
+rm config/accounts.json data/tokens.json
+python main.py
+```
+
+### 账号与 Token
+
+**Q: 所有请求返回 503 `No valid OB-1 token`**
+
+所有账号的 Token 均已过期且自动刷新失败。进入管理面板检查账号状态，尝试重新授权或删除失效账号重新添加。
+
+**Q: 设备授权时 WorkOS 返回错误**
+
+- 检查网络连通性，确认能访问 `api.workos.com`
+- 如使用代理，确认代理配置正确且代理服务正常运行
+- 在管理面板的「代理设置」中可测试连通性
+
+**Q: 调用 API 返回 401 Unauthorized**
+
+- 检查请求头中的 API Key 是否正确：`Authorization: Bearer your-api-key`
+- Anthropic 格式也支持 `x-api-key` 头
+- 确认 `config/setting.toml` 中的 `api_key` 或管理面板中已添加对应的 Key
+
+### 代理相关
+
+**Q: 配置代理后仍然连接超时**
+
+确认代理地址格式正确（需包含协议）：`http://127.0.0.1:7890`，不要写成 `127.0.0.1:7890`。可在管理面板「代理设置」中点击测试按钮验证。
+
+## 环境要求
+
+- Python >= 3.11
+- 依赖：FastAPI, uvicorn, httpx, PyJWT, tomli_w
+
+## Star History
+
+[![Star History Chart](https://api.star-history.com/svg?repos=longnghiemduc6-art/ob12api&type=Date)](https://star-history.com/#longnghiemduc6-art/ob12api&Date)
+
+## 免责声明
+
+**本项目仅供学习和研究用途，不得用于商业目的。使用者应遵守相关服务条款和法律法规，因使用本项目产生的任何后果由使用者自行承担。**
+
+## License
+
+MIT

config/setting.toml

@@ -0,0 +1,29 @@
+[global]
+api_key = "your-api-key"
+
+[server]
+host = "0.0.0.0"
+port = 8081
+
+[admin]
+username = "admin"
+password = "admin"
+
+[proxy]
+url = ""
+
+[retry]
+max_retries = 3
+retry_delay = 1
+
+[ob1]
+credentials_path = ""
+workos_auth_url = "https://api.workos.com/user_management/authenticate"
+workos_client_id = "client_01K8YDZSSKDMK8GYTEHBAW4N4S"
+api_base = "https://dashboard.openblocklabs.com/api/v1"
+refresh_buffer_seconds = 600
+rotation_mode = "balanced"
+refresh_interval = 60
+
+[logging]
+level = "INFO"

docker-compose.yml

@@ -0,0 +1,10 @@
+version: '3.8'
+services:
+  ob12api:
+    build: .
+    ports:
+      - "8081:8081"
+    volumes:
+      - ./config:/app/config
+      - ./data:/app/data
+    restart: unless-stopped

main.py

@@ -0,0 +1,5 @@
+"""OB1 2API launcher."""
+import uvicorn
+
+if __name__ == "__main__":
+    uvicorn.run("src.main:app", host="0.0.0.0", port=8081, reload=True)

requirements.txt

@@ -0,0 +1,5 @@
+fastapi>=0.100.0
+uvicorn[standard]>=0.23.0
+httpx>=0.25.0
+tomli_w>=1.0.0
+PyJWT>=2.8.0

src/api/admin.py

@@ -0,0 +1,378 @@
+"""Admin routes — login, accounts, device auth, settings, keys."""
+from __future__ import annotations
+
+import json
+import httpx
+from fastapi import APIRouter, Depends, Request
+from fastapi.responses import JSONResponse
+from pydantic import BaseModel
+
+from ..core.auth import verify_api_key, verify_login, create_login_token
+from ..core import config
+from ..core.config import update_setting
+from ..core.logger import get_logger, set_level
+from ..services.token_manager import OB1TokenManager, DEVICE_AUTH_URL, OB1_WORKOS_AUTH_URL
+from ..services.api_key_manager import ApiKeyManager
+
+log = get_logger("admin")
+
+router = APIRouter(prefix="/admin")
+# Public login route (no auth)
+login_router = APIRouter()
+
+_tm: OB1TokenManager = None
+_km: ApiKeyManager = None
+
+
+def init(token_manager: OB1TokenManager, key_manager: ApiKeyManager):
+    global _tm, _km
+    _tm = token_manager
+    _km = key_manager
+
+
+# ===== Login (public) =====
+
+class LoginRequest(BaseModel):
+    username: str
+    password: str
+
+
+@login_router.post("/api/login")
+async def login(req: LoginRequest):
+    if verify_login(req.username, req.password):
+        token = create_login_token(req.username)
+        return {"success": True, "token": token}
+    return JSONResponse(status_code=401, content={"success": False, "message": "用户名或密码错误"})
+
+
+# ===== Protected routes =====
+_auth = [Depends(verify_api_key)]
+
+
+@router.get("/status", dependencies=_auth)
+async def status():
+    return {"loaded": _tm.is_loaded, "user": _tm.user_email, "org": _tm.org_id, "current_idx": _tm.current_idx, **_tm.stats}
+
+
+# ===== Accounts =====
+
+@router.get("/accounts", dependencies=_auth)
+async def list_accounts():
+    return {"accounts": _tm.list_accounts(), "stats": _tm.stats}
+
+
+@router.post("/accounts/{idx}/refresh", dependencies=_auth)
+async def refresh_account(idx: int):
+    ok = await _tm.refresh_account(idx)
+    return {"ok": ok, "error": "" if ok else "refresh failed"}
+
+
+@router.delete("/accounts/{idx}", dependencies=_auth)
+async def remove_account(idx: int):
+    ok = _tm.remove_account(idx)
+    return {"ok": ok}
+
+
+@router.post("/refresh", dependencies=_auth)
+async def force_refresh():
+    ok = await _tm.refresh()
+    return {"ok": ok}
+
+
+@router.post("/accounts/export", dependencies=_auth)
+async def export_accounts():
+    return {"accounts": [a.to_dict() for a in _tm._accounts]}
+
+
+class ImportRequest(BaseModel):
+    accounts: list[dict]
+
+
+@router.post("/accounts/import", dependencies=_auth)
+async def import_accounts(req: ImportRequest):
+    count = _tm.import_accounts(req.accounts)
+    return {"ok": True, "imported": count}
+
+
+class PushRequest(BaseModel):
+    refresh_tokens: list[str] | None = None
+    accounts: list[dict] | None = None
+
+
+def _verify_api_key_from_request(request: Request) -> bool:
+    from ..core.auth import _extract_token
+    token = _extract_token(request)
+    return bool(token and _km and _km.validate(token))
+
+
+@router.post("/accounts/push")
+async def push_accounts(req: PushRequest, request: Request):
+    """外部推送账号接口（API Key 鉴权），支持两种模式：
+    1. refresh_tokens: 只传 RT，服务端自动刷新补全
+    2. accounts: 传完整账号数据，直接导入
+    """
+    if not _verify_api_key_from_request(request):
+        return JSONResponse(status_code=401, content={"ok": False, "message": "Invalid API Key"})
+
+    imported = 0
+    errors = []
+
+    # 模式1：完整账号数据直接导入
+    if req.accounts:
+        imported = _tm.import_accounts(req.accounts)
+
+    # 模式2：只传 refresh_token，自动刷新
+    if req.refresh_tokens:
+        from ..services.token_manager import Account
+        for rt in req.refresh_tokens:
+            rt = rt.strip()
+            if not rt:
+                continue
+            existing_rts = {a.refresh_token for a in _tm._accounts}
+            if rt in existing_rts:
+                errors.append({"refresh_token": rt[:20] + "...", "error": "已存在"})
+                continue
+            acct = Account({"refresh_token": rt, "expires_at": 0})
+            _tm._accounts.append(acct)
+            idx = len(_tm._accounts) - 1
+            ok = await _tm.refresh_account(idx, force=True)
+            if ok:
+                imported += 1
+            else:
+                _tm._accounts.pop(idx)
+                errors.append({"refresh_token": rt[:20] + "...", "error": "刷新失败"})
+        if imported:
+            _tm._save()
+
+    return {"ok": True, "imported": imported, "errors": errors}
+
+
+class BatchDeleteRequest(BaseModel):
+    indices: list[int]
+
+
+@router.post("/accounts/batch-delete", dependencies=_auth)
+async def batch_delete_accounts(req: BatchDeleteRequest):
+    removed = _tm.batch_remove(req.indices)
+    return {"ok": True, "removed": removed}
+
+
+# ===== Device Auth =====
+
+@router.post("/device-auth", dependencies=_auth)
+async def start_device_auth():
+    try:
+        proxy = config.PROXY_URL or None
+        async with httpx.AsyncClient(proxy=proxy, timeout=15) as client:
+            resp = await client.post(
+                DEVICE_AUTH_URL,
+                data={"client_id": config.OB1_WORKOS_CLIENT_ID},
+                headers={"Content-Type": "application/x-www-form-urlencoded"},
+            )
+        if resp.status_code != 200:
+            return {"error": f"WorkOS returned {resp.status_code}"}
+        return resp.json()
+    except Exception as e:
+        return {"error": str(e)}
+
+
+class PollRequest(BaseModel):
+    device_code: str
+
+
+@router.post("/device-auth/poll", dependencies=_auth)
+async def poll_device_auth(req: PollRequest):
+    try:
+        proxy = config.PROXY_URL or None
+        async with httpx.AsyncClient(proxy=proxy, timeout=15) as client:
+            resp = await client.post(
+                OB1_WORKOS_AUTH_URL,
+                data={
+                    "grant_type": "urn:ietf:params:oauth:grant-type:device_code",
+                    "device_code": req.device_code,
+                    "client_id": config.OB1_WORKOS_CLIENT_ID,
+                },
+                headers={"Content-Type": "application/x-www-form-urlencoded"},
+                timeout=15,
+            )
+        if resp.status_code == 200:
+            result = resp.json()
+            email = await _tm.add_account_from_device(result)
+            return {"status": "complete", "email": email}
+        body = resp.json() if resp.headers.get("content-type", "").startswith("application/json") else {}
+        error = body.get("error", "")
+        if error == "authorization_pending":
+            return {"status": "pending", "message": "等待用户授权..."}
+        if error == "slow_down":
+            return {"status": "pending", "message": "请稍候..."}
+        if error == "expired_token":
+            return {"status": "expired", "message": "授权已过期"}
+        return {"status": "error", "message": body.get("error_description", error or f"HTTP {resp.status_code}")}
+    except Exception as e:
+        return {"status": "error", "message": str(e)}
+
+
+# ===== API Keys =====
+
+class CreateKeyRequest(BaseModel):
+    name: str = ""
+
+
+@router.get("/keys", dependencies=_auth)
+async def list_keys():
+    return {"keys": _km.list_keys()}
+
+
+@router.post("/keys", dependencies=_auth)
+async def create_key(req: CreateKeyRequest):
+    key = _km.create_key(req.name)
+    return {"ok": True, "key": key}
+
+
+@router.delete("/keys/{key}", dependencies=_auth)
+async def delete_key(key: str):
+    ok = _km.delete_key(key)
+    return {"ok": ok}
+
+
+@router.post("/keys/{key}/toggle", dependencies=_auth)
+async def toggle_key(key: str):
+    ok = _km.toggle_key(key)
+    return {"ok": ok}
+
+
+# ===== Settings =====
+
+@router.get("/settings", dependencies=_auth)
+async def get_settings():
+    return {
+        "username": config.ADMIN_USERNAME,
+        "api_key": _km._keys[0].key if _km and _km._keys else config.API_KEY,
+        "proxy_url": config.PROXY_URL,
+        "max_retries": config.MAX_RETRIES,
+        "retry_delay": config.RETRY_DELAY,
+        "rotation_mode": config.OB1_ROTATION_MODE,
+        "refresh_interval": config.OB1_REFRESH_INTERVAL,
+        "log_level": config.LOG_LEVEL,
+    }
+
+
+class PasswordUpdate(BaseModel):
+    old_password: str
+    new_password: str
+
+
+@router.post("/settings/password", dependencies=_auth)
+async def update_password(req: PasswordUpdate):
+    if req.old_password != config.ADMIN_PASSWORD:
+        return JSONResponse(status_code=400, content={"ok": False, "message": "旧密码错误"})
+    update_setting("admin", "password", req.new_password)
+    return {"ok": True}
+
+
+class UsernameUpdate(BaseModel):
+    username: str
+
+
+@router.post("/settings/username", dependencies=_auth)
+async def update_username(req: UsernameUpdate):
+    update_setting("admin", "username", req.username)
+    return {"ok": True}
+
+
+class ApiKeyUpdate(BaseModel):
+    api_key: str
+
+
+@router.post("/settings/api-key", dependencies=_auth)
+async def update_api_key_setting(req: ApiKeyUpdate):
+    old_key = config.API_KEY
+    update_setting("global", "api_key", req.api_key)
+    # Sync to ApiKeyManager so the new key is immediately usable
+    if _km:
+        _km.delete_key(old_key)
+        _km.create_key_with_value(req.api_key, "默认密钥")
+    return {"ok": True}
+
+
+class ProxyUpdate(BaseModel):
+    url: str = ""
+
+
+@router.post("/settings/proxy", dependencies=_auth)
+async def update_proxy(req: ProxyUpdate):
+    update_setting("proxy", "url", req.url)
+    return {"ok": True}
+
+
+class ProxyTestRequest(BaseModel):
+    url: str = ""
+
+
+@router.post("/settings/proxy-test", dependencies=_auth)
+async def test_proxy(req: ProxyTestRequest):
+    proxy_url = req.url.strip()
+    if not proxy_url:
+        return {"ok": False, "error": "代理地址为空"}
+    try:
+        async with httpx.AsyncClient(proxy=proxy_url, timeout=10) as client:
+            resp = await client.get("https://httpbin.org/ip")
+        if resp.status_code == 200:
+            ip = resp.json().get("origin", "unknown")
+            return {"ok": True, "ip": ip}
+        return {"ok": False, "error": f"HTTP {resp.status_code}"}
+    except Exception as e:
+        return {"ok": False, "error": str(e)}
+
+
+class RetryUpdate(BaseModel):
+    max_retries: int = 3
+    retry_delay: int = 1
+
+
+@router.post("/settings/retry", dependencies=_auth)
+async def update_retry(req: RetryUpdate):
+    update_setting("retry", "max_retries", req.max_retries)
+    update_setting("retry", "retry_delay", req.retry_delay)
+    return {"ok": True}
+
+
+class RotationModeUpdate(BaseModel):
+    mode: str
+
+
+@router.post("/settings/rotation-mode", dependencies=_auth)
+async def update_rotation_mode(req: RotationModeUpdate):
+    if req.mode not in ("cache-first", "balanced", "performance"):
+        return JSONResponse(status_code=400, content={"ok": False, "message": "无效的调度模式"})
+    update_setting("ob1", "rotation_mode", req.mode)
+    return {"ok": True}
+
+
+class LogLevelUpdate(BaseModel):
+    level: str
+
+
+@router.post("/settings/log-level", dependencies=_auth)
+async def update_log_level(req: LogLevelUpdate):
+    lvl = req.level.upper()
+    if lvl not in ("DEBUG", "INFO", "WARNING", "ERROR"):
+        return JSONResponse(status_code=400, content={"ok": False, "message": "无效的日志级别"})
+    update_setting("logging", "level", lvl)
+    set_level(lvl)
+    return {"ok": True}
+
+
+class RefreshIntervalUpdate(BaseModel):
+    interval: int = 0
+
+
+@router.post("/settings/refresh-interval", dependencies=_auth)
+async def update_refresh_interval(req: RefreshIntervalUpdate):
+    if req.interval < 0:
+        return JSONResponse(status_code=400, content={"ok": False, "message": "刷新间隔不能为负数"})
+    update_setting("ob1", "refresh_interval", req.interval)
+    # Restart the periodic refresh task
+    from ..main import restart_auto_refresh
+    restart_auto_refresh()
+    return {"ok": True}

src/api/routes.py

@@ -0,0 +1,673 @@
+"""OpenAI-compatible API routes — proxies to OB-1 backend."""
+
+from __future__ import annotations
+
+import json
+import time
+import uuid
+from typing import Any, AsyncGenerator, Optional
+
+from fastapi import APIRouter, Depends, Request
+from fastapi.responses import JSONResponse, StreamingResponse
+
+from ..core.auth import verify_api_key
+from ..core.logger import get_logger
+from ..core.models import AnthropicMessagesRequest, ChatCompletionRequest
+from ..services.ob1_client import OB1Client
+from ..services.token_manager import OB1TokenManager
+
+log = get_logger("routes")
+
+router = APIRouter()
+
+_token_manager: Optional[OB1TokenManager] = None
+_ob1_client: Optional[OB1Client] = None
+
+
+def init(token_manager: OB1TokenManager, ob1_client: OB1Client):
+    global _token_manager, _ob1_client
+    _token_manager = token_manager
+    _ob1_client = ob1_client
+
+
+def _require_token_manager() -> OB1TokenManager:
+    if _token_manager is None:
+        raise RuntimeError("Token manager is not initialized")
+    return _token_manager
+
+
+def _require_ob1_client() -> OB1Client:
+    if _ob1_client is None:
+        raise RuntimeError("OB1 client is not initialized")
+    return _ob1_client
+
+
+@router.get("/v1/models")
+async def list_models(_: str = Depends(verify_api_key)):
+    token_manager = _require_token_manager()
+    ob1_client = _require_ob1_client()
+    api_key = await token_manager.get_api_key()
+    if not api_key:
+        return {"object": "list", "data": []}
+    raw = await ob1_client.fetch_models(api_key)
+    models = []
+    for m in raw:
+        models.append(
+            {
+                "id": m["id"],
+                "object": "model",
+                "created": m.get("created", 0),
+                "owned_by": m["id"].split("/")[0] if "/" in m["id"] else "ob1",
+                "name": m.get("name", m["id"]),
+            }
+        )
+    return {"object": "list", "data": models}
+
+
+@router.post("/v1/chat/completions")
+async def chat_completions(
+    request: ChatCompletionRequest,
+    _: str = Depends(verify_api_key),
+):
+    messages = [{"role": m.role, "content": m.content} for m in request.messages]
+    extra_payload = _build_openai_extra_payload(request.tools, request.tool_choice)
+    resp = await _send_chat_request(
+        messages=messages,
+        model=request.model,
+        stream=request.stream,
+        temperature=request.temperature,
+        top_p=request.top_p,
+        max_tokens=request.max_tokens,
+        extra_payload=extra_payload,
+    )
+    if isinstance(resp, JSONResponse):
+        return resp
+
+    if request.stream:
+        log.debug("Streaming response started")
+        return StreamingResponse(
+            _proxy_stream(resp, _token_manager),
+            media_type="text/event-stream",
+        )
+    else:
+        data = resp.json()
+        usage = data.get("usage", {})
+        _track_usage(usage)
+        log.info(
+            "Chat response: model=%s prompt_tokens=%d completion_tokens=%d",
+            data.get("model", "?"),
+            usage.get("prompt_tokens", 0),
+            usage.get("completion_tokens", 0),
+        )
+        return JSONResponse(content=data)
+
+
+@router.post("/v1/messages")
+async def anthropic_messages(
+    request: AnthropicMessagesRequest,
+    _: str = Depends(verify_api_key),
+):
+    messages = _anthropic_to_openai_messages(request)
+    extra_payload = _build_openai_extra_payload(
+        _anthropic_tools_to_openai(request.tools),
+        _anthropic_tool_choice_to_openai(request.tool_choice),
+    )
+    resp = await _send_chat_request(
+        messages=messages,
+        model=request.model,
+        stream=request.stream,
+        temperature=request.temperature,
+        top_p=request.top_p,
+        max_tokens=request.max_tokens,
+        extra_payload=extra_payload,
+    )
+    if isinstance(resp, JSONResponse):
+        return resp
+
+    if request.stream:
+        return StreamingResponse(
+            _proxy_stream_anthropic(resp, request.model),
+            media_type="text/event-stream",
+        )
+
+    data = resp.json()
+    usage = data.get("usage", {})
+    _track_usage(usage)
+    await resp.aclose()
+    return JSONResponse(content=_openai_to_anthropic_response(data, request.model))
+
+
+async def _send_chat_request(
+    *,
+    messages: list[dict[str, Any]],
+    model: str,
+    stream: bool,
+    temperature: float | None,
+    top_p: float | None,
+    max_tokens: int | None,
+    extra_payload: dict[str, Any] | None = None,
+):
+    token_manager = _require_token_manager()
+    ob1_client = _require_ob1_client()
+    api_key = await token_manager.get_api_key()
+    if not api_key:
+        log.warning("No valid OB-1 token available")
+        return JSONResponse(
+            status_code=503,
+            content={"error": "No valid OB-1 token. Run ob1 auth to login."},
+        )
+
+    resolved_model = await _resolve_model_name(model, api_key)
+
+    log.info(
+        "Chat request: model=%s resolved_model=%s stream=%s messages=%d",
+        model,
+        resolved_model,
+        stream,
+        len(messages),
+    )
+
+    try:
+        resp = await ob1_client.chat(
+            api_key=api_key,
+            messages=messages,
+            model=resolved_model,
+            stream=stream,
+            temperature=temperature,
+            top_p=top_p,
+            max_tokens=max_tokens,
+            extra_payload=extra_payload,
+        )
+    except Exception as e:
+        log.error("Backend error: %s", e)
+        return JSONResponse(status_code=502, content={"error": f"Backend error: {e}"})
+
+    if resp.status_code == 401:
+        await resp.aclose()
+        log.warning("Token rejected (401), refreshing...")
+        ok = await token_manager.refresh()
+        if not ok:
+            log.error("Token refresh failed")
+            return JSONResponse(
+                status_code=401, content={"error": "Token expired and refresh failed"}
+            )
+        api_key = await token_manager.get_api_key()
+        if not api_key:
+            return JSONResponse(
+                status_code=401, content={"error": "Token refresh failed"}
+            )
+        try:
+            resp = await ob1_client.chat(
+                api_key=api_key,
+                messages=messages,
+                model=resolved_model,
+                stream=stream,
+                temperature=temperature,
+                top_p=top_p,
+                max_tokens=max_tokens,
+                extra_payload=extra_payload,
+            )
+        except Exception as e:
+            log.error("Backend error after refresh: %s", e)
+            return JSONResponse(
+                status_code=502, content={"error": f"Backend error: {e}"}
+            )
+
+    if resp.status_code != 200:
+        try:
+            body = (await resp.aread()).decode()
+        except Exception:
+            body = "unable to read response body"
+        await resp.aclose()
+        log.error("OB-1 returned %d: %s", resp.status_code, body[:200])
+        return JSONResponse(
+            status_code=resp.status_code,
+            content={"error": f"OB-1 returned {resp.status_code}: {body[:500]}"},
+        )
+
+    return resp
+
+
+async def _resolve_model_name(requested_model: str, api_key: str) -> str:
+    ob1_client = _require_ob1_client()
+    raw_models = await ob1_client.fetch_models(api_key)
+    available = [item.get("id") for item in raw_models if item.get("id")]
+    if requested_model in available:
+        return requested_model
+
+    anthropic_prefixed = f"anthropic/{requested_model}"
+    if anthropic_prefixed in available:
+        return anthropic_prefixed
+
+    if requested_model.startswith("claude-"):
+        lowered = requested_model.lower()
+        family = None
+        for candidate in ("haiku", "sonnet", "opus"):
+            if candidate in lowered:
+                family = candidate
+                break
+
+        if family:
+            family_matches = [
+                model_id
+                for model_id in available
+                if model_id.startswith(f"anthropic/claude-{family}")
+            ]
+            if family_matches:
+                return sorted(family_matches)[-1]
+
+        anthropic_models = [
+            model_id for model_id in available if model_id.startswith("anthropic/")
+        ]
+        preferred_order = ["anthropic/claude-sonnet-4.6", "anthropic/claude-opus-4.6"]
+        for model_id in preferred_order:
+            if model_id in anthropic_models:
+                return model_id
+        if anthropic_models:
+            return sorted(anthropic_models)[-1]
+
+    return requested_model
+
+
+def _anthropic_to_openai_messages(
+    request: AnthropicMessagesRequest,
+) -> list[dict[str, Any]]:
+    messages: list[dict[str, Any]] = []
+    if request.system:
+        messages.append({"role": "system", "content": _flatten_content(request.system)})
+    for message in request.messages:
+        blocks = (
+            message.content
+            if isinstance(message.content, list)
+            else [{"type": "text", "text": message.content}]
+        )
+        text_parts: list[str] = []
+        tool_calls: list[dict[str, Any]] = []
+        tool_results: list[dict[str, Any]] = []
+
+        for block in blocks:
+            if not isinstance(block, dict):
+                continue
+            block_type = block.get("type")
+            if block_type == "text" and isinstance(block.get("text"), str):
+                text_parts.append(block["text"])
+            elif block_type == "tool_use":
+                tool_calls.append(
+                    {
+                        "id": block.get("id") or f"call_{uuid.uuid4().hex}",
+                        "type": "function",
+                        "function": {
+                            "name": block.get("name", "tool"),
+                            "arguments": json.dumps(
+                                block.get("input", {}), ensure_ascii=False
+                            ),
+                        },
+                    }
+                )
+            elif block_type == "tool_result":
+                tool_results.append(
+                    {
+                        "role": "tool",
+                        "tool_call_id": block.get("tool_use_id", ""),
+                        "content": _flatten_content(block.get("content", "")),
+                    }
+                )
+
+        if message.role == "assistant":
+            assistant_message: dict[str, Any] = {"role": "assistant"}
+            assistant_message["content"] = "\n".join(
+                part for part in text_parts if part
+            )
+            if tool_calls:
+                assistant_message["tool_calls"] = tool_calls
+            messages.append(assistant_message)
+        elif message.role == "user" and tool_results:
+            messages.extend(tool_results)
+            if text_parts:
+                messages.append({"role": "user", "content": "\n".join(text_parts)})
+        else:
+            messages.append(
+                {
+                    "role": message.role,
+                    "content": "\n".join(part for part in text_parts if part),
+                }
+            )
+    return messages
+
+
+def _anthropic_tools_to_openai(
+    tools: Optional[list[dict[str, Any]]],
+) -> Optional[list[dict[str, Any]]]:
+    if not tools:
+        return None
+    converted: list[dict[str, Any]] = []
+    for tool in tools:
+        converted.append(
+            {
+                "type": "function",
+                "function": {
+                    "name": tool.get("name", "tool"),
+                    "description": tool.get("description", ""),
+                    "parameters": tool.get(
+                        "input_schema", {"type": "object", "properties": {}}
+                    ),
+                },
+            }
+        )
+    return converted
+
+
+def _anthropic_tool_choice_to_openai(
+    tool_choice: Optional[dict[str, Any]],
+) -> Optional[dict[str, Any] | str]:
+    if not tool_choice:
+        return None
+    choice_type = tool_choice.get("type")
+    if choice_type in {"auto", "none"}:
+        return choice_type
+    if choice_type in {"any", "required"}:
+        return "required"
+    if choice_type == "tool":
+        name = tool_choice.get("name")
+        if name:
+            return {"type": "function", "function": {"name": name}}
+    return None
+
+
+def _build_openai_extra_payload(
+    tools: Optional[list[dict[str, Any]]],
+    tool_choice: Optional[dict[str, Any] | str],
+) -> Optional[dict[str, Any]]:
+    extra_payload: dict[str, Any] = {}
+    if tools:
+        extra_payload["tools"] = tools
+    if tool_choice is not None:
+        extra_payload["tool_choice"] = tool_choice
+    return extra_payload or None
+
+
+def _flatten_content(content: Any) -> str:
+    if content is None:
+        return ""
+    if isinstance(content, str):
+        return content
+    if isinstance(content, list):
+        parts: list[str] = []
+        for block in content:
+            if not isinstance(block, dict):
+                continue
+            if block.get("type") == "text" and isinstance(block.get("text"), str):
+                parts.append(block["text"])
+            elif block.get("type") == "tool_result":
+                parts.append(_flatten_content(block.get("content", "")))
+        return "\n".join(part for part in parts if part)
+    return str(content)
+
+
+def _openai_to_anthropic_response(data: dict[str, Any], model: str) -> dict[str, Any]:
+    choice = (data.get("choices") or [{}])[0]
+    message = choice.get("message") or {}
+    content_blocks: list[dict[str, Any]] = []
+    text = _flatten_content(message.get("content", ""))
+    if text:
+        content_blocks.append({"type": "text", "text": text})
+    for tool_call in message.get("tool_calls") or []:
+        function = tool_call.get("function") or {}
+        content_blocks.append(
+            {
+                "type": "tool_use",
+                "id": tool_call.get("id", f"toolu_{uuid.uuid4().hex}"),
+                "name": function.get("name", "tool"),
+                "input": _parse_json_object(function.get("arguments")),
+            }
+        )
+    usage = data.get("usage") or {}
+    return {
+        "id": data.get("id", f"msg_{uuid.uuid4().hex}"),
+        "type": "message",
+        "role": "assistant",
+        "content": content_blocks or [{"type": "text", "text": ""}],
+        "model": data.get("model", model),
+        "stop_reason": _map_finish_reason(choice.get("finish_reason")),
+        "stop_sequence": None,
+        "usage": {
+            "input_tokens": usage.get("prompt_tokens", 0),
+            "output_tokens": usage.get("completion_tokens", 0),
+        },
+    }
+
+
+def _map_finish_reason(reason: Optional[str]) -> str:
+    if reason in {None, "stop"}:
+        return "end_turn"
+    if reason == "length":
+        return "max_tokens"
+    if reason == "tool_calls":
+        return "tool_use"
+    return reason or "end_turn"
+
+
+def _parse_json_object(value: Any) -> dict[str, Any]:
+    if isinstance(value, dict):
+        return value
+    if isinstance(value, str) and value:
+        try:
+            parsed = json.loads(value)
+            if isinstance(parsed, dict):
+                return parsed
+        except json.JSONDecodeError:
+            pass
+    return {}
+
+
+async def _proxy_stream_anthropic(resp, model: str) -> AsyncGenerator[str, None]:
+    message_id = f"msg_{uuid.uuid4().hex}"
+    sent_start = False
+    text_started = False
+    text_index = 0
+    usage: dict[str, Any] = {"input_tokens": 0, "output_tokens": 0}
+    stop_reason = "end_turn"
+    tool_state: dict[int, dict[str, Any]] = {}
+    next_content_index = 0
+    try:
+        async for line in resp.aiter_lines():
+            if not line or not line.startswith("data: "):
+                continue
+            payload = line[6:]
+            if payload == "[DONE]":
+                break
+            try:
+                chunk = json.loads(payload)
+            except json.JSONDecodeError:
+                continue
+
+            if not sent_start:
+                prompt_tokens = ((chunk.get("usage") or {}).get("prompt_tokens")) or 0
+                usage["input_tokens"] = prompt_tokens
+                yield _anthropic_sse(
+                    "message_start",
+                    {
+                        "type": "message_start",
+                        "message": {
+                            "id": message_id,
+                            "type": "message",
+                            "role": "assistant",
+                            "content": [],
+                            "model": chunk.get("model", model),
+                            "stop_reason": None,
+                            "stop_sequence": None,
+                            "usage": usage,
+                        },
+                    },
+                )
+                sent_start = True
+
+            delta = (chunk.get("choices") or [{}])[0].get("delta") or {}
+            finish_reason = (chunk.get("choices") or [{}])[0].get("finish_reason")
+            text = delta.get("content")
+            if text:
+                if not text_started:
+                    text_index = next_content_index
+                    yield _anthropic_sse(
+                        "content_block_start",
+                        {
+                            "type": "content_block_start",
+                            "index": text_index,
+                            "content_block": {"type": "text", "text": ""},
+                        },
+                    )
+                    text_started = True
+                    next_content_index += 1
+                yield _anthropic_sse(
+                    "content_block_delta",
+                    {
+                        "type": "content_block_delta",
+                        "index": text_index,
+                        "delta": {"type": "text_delta", "text": text},
+                    },
+                )
+            chunk_usage = chunk.get("usage") or {}
+            if chunk_usage.get("completion_tokens") is not None:
+                usage["output_tokens"] = chunk_usage.get(
+                    "completion_tokens", usage["output_tokens"]
+                )
+                _track_usage(chunk_usage)
+            for tool_delta in delta.get("tool_calls") or []:
+                tool_idx = tool_delta.get("index", 0)
+                state = tool_state.setdefault(
+                    tool_idx,
+                    {
+                        "event_index": next_content_index,
+                        "id": tool_delta.get("id") or f"toolu_{uuid.uuid4().hex}",
+                        "name": ((tool_delta.get("function") or {}).get("name"))
+                        or "tool",
+                        "arguments": "",
+                        "started": False,
+                    },
+                )
+                if tool_delta.get("id"):
+                    state["id"] = tool_delta["id"]
+                function = tool_delta.get("function") or {}
+                if function.get("name"):
+                    state["name"] = function["name"]
+                if not state["started"]:
+                    next_content_index = max(
+                        next_content_index, state["event_index"] + 1
+                    )
+                    yield _anthropic_sse(
+                        "content_block_start",
+                        {
+                            "type": "content_block_start",
+                            "index": state["event_index"],
+                            "content_block": {
+                                "type": "tool_use",
+                                "id": state["id"],
+                                "name": state["name"],
+                                "input": {},
+                            },
+                        },
+                    )
+                    state["started"] = True
+                if function.get("arguments"):
+                    state["arguments"] += function["arguments"]
+                    yield _anthropic_sse(
+                        "content_block_delta",
+                        {
+                            "type": "content_block_delta",
+                            "index": state["event_index"],
+                            "delta": {
+                                "type": "input_json_delta",
+                                "partial_json": function["arguments"],
+                            },
+                        },
+                    )
+            if finish_reason:
+                stop_reason = _map_finish_reason(finish_reason)
+
+        if not sent_start:
+            yield _anthropic_sse(
+                "message_start",
+                {
+                    "type": "message_start",
+                    "message": {
+                        "id": message_id,
+                        "type": "message",
+                        "role": "assistant",
+                        "content": [],
+                        "model": model,
+                        "stop_reason": None,
+                        "stop_sequence": None,
+                        "usage": usage,
+                    },
+                },
+            )
+        if text_started:
+            yield _anthropic_sse(
+                "content_block_stop",
+                {"type": "content_block_stop", "index": text_index},
+            )
+        elif not tool_state:
+            yield _anthropic_sse(
+                "content_block_start",
+                {
+                    "type": "content_block_start",
+                    "index": next_content_index,
+                    "content_block": {"type": "text", "text": ""},
+                },
+            )
+            yield _anthropic_sse(
+                "content_block_stop",
+                {"type": "content_block_stop", "index": next_content_index},
+            )
+        for state in sorted(tool_state.values(), key=lambda item: item["event_index"]):
+            if state["started"]:
+                yield _anthropic_sse(
+                    "content_block_stop",
+                    {"type": "content_block_stop", "index": state["event_index"]},
+                )
+        yield _anthropic_sse(
+            "message_delta",
+            {
+                "type": "message_delta",
+                "delta": {"stop_reason": stop_reason, "stop_sequence": None},
+                "usage": {"output_tokens": usage["output_tokens"]},
+            },
+        )
+        yield _anthropic_sse("message_stop", {"type": "message_stop"})
+    finally:
+        await resp.aclose()
+
+
+def _anthropic_sse(event: str, data: dict[str, Any]) -> str:
+    return f"event: {event}\ndata: {json.dumps(data, ensure_ascii=False)}\n\n"
+
+
+def _track_usage(usage: dict):
+    """Extract token counts from usage and record cost."""
+    pt = usage.get("prompt_tokens", 0)
+    ct = usage.get("completion_tokens", 0)
+    if pt or ct:
+        # Rough OpenRouter-style cost estimate (per 1M tokens)
+        cost = pt * 0.000015 + ct * 0.000075
+        _require_token_manager().add_cost(cost)
+    elif usage:
+        _require_token_manager().add_cost(0)
+
+
+async def _proxy_stream(resp, tm) -> AsyncGenerator[str, None]:
+    """Proxy SSE stream from OB-1 backend directly to client."""
+    try:
+        async for line in resp.aiter_lines():
+            if line:
+                yield f"{line}\n\n"
+                # Extract usage from the final chunk
+                if line.startswith("data: ") and '"usage"' in line:
+                    try:
+                        chunk = json.loads(line[6:])
+                        usage = chunk.get("usage") or {}
+                        if usage:
+                            _track_usage(usage)
+                    except Exception:
+                        pass
+    finally:
+        await resp.aclose()

src/core/auth.py

@@ -0,0 +1,53 @@
+"""API key + JWT verification."""
+
+import secrets
+import time
+from typing import Optional
+
+import jwt
+from fastapi import HTTPException, Request
+
+from ..services.api_key_manager import ApiKeyManager
+from ..core import config
+
+_key_manager: Optional[ApiKeyManager] = None
+_JWT_SECRET = secrets.token_hex(32)
+_JWT_EXPIRE = 86400 * 7  # 7 days
+
+
+def init_auth(key_manager: ApiKeyManager):
+    global _key_manager
+    _key_manager = key_manager
+
+
+def create_login_token(username: str) -> str:
+    payload = {"sub": username, "exp": int(time.time()) + _JWT_EXPIRE}
+    return jwt.encode(payload, _JWT_SECRET, algorithm="HS256")
+
+
+def verify_login(username: str, password: str) -> bool:
+    return username == config.ADMIN_USERNAME and password == config.ADMIN_PASSWORD
+
+
+def _extract_token(request: Request) -> Optional[str]:
+    auth_header = request.headers.get("authorization", "")
+    if auth_header.lower().startswith("bearer "):
+        return auth_header[7:].strip()
+    return request.headers.get("x-api-key")
+
+
+async def verify_api_key(request: Request) -> str:
+    token = _extract_token(request)
+    if not token:
+        raise HTTPException(status_code=401, detail="Missing token")
+    # Try JWT first
+    try:
+        payload = jwt.decode(token, _JWT_SECRET, algorithms=["HS256"])
+        if payload.get("exp", 0) > time.time():
+            return token
+    except (jwt.InvalidTokenError, jwt.ExpiredSignatureError):
+        pass
+    # Fallback to API key
+    if _key_manager and _key_manager.validate(token):
+        return token
+    raise HTTPException(status_code=401, detail="Invalid token")

src/core/config.py

@@ -0,0 +1,76 @@
+"""Config loader with hot-reload support."""
+import os
+try:
+    import tomllib
+except ModuleNotFoundError:
+    import tomli as tomllib
+import tomli_w
+
+_CONFIG_PATH = os.path.abspath(
+    os.path.join(os.path.dirname(__file__), "..", "..", "config", "setting.toml")
+)
+
+
+def _load():
+    with open(_CONFIG_PATH, "rb") as f:
+        return tomllib.load(f)
+
+
+def _save(cfg: dict):
+    with open(_CONFIG_PATH, "wb") as f:
+        tomli_w.dump(cfg, f)
+
+
+_cfg = _load()
+
+API_KEY = _cfg["global"]["api_key"]
+HOST = _cfg["server"]["host"]
+PORT = _cfg["server"]["port"]
+
+# Admin credentials
+ADMIN_USERNAME = _cfg.get("admin", {}).get("username", "admin")
+ADMIN_PASSWORD = _cfg.get("admin", {}).get("password", "admin")
+
+# Proxy
+PROXY_URL = _cfg.get("proxy", {}).get("url", "")
+
+# Retry
+MAX_RETRIES = _cfg.get("retry", {}).get("max_retries", 3)
+RETRY_DELAY = _cfg.get("retry", {}).get("retry_delay", 1)
+
+# OB-1 config
+OB1_CREDENTIALS_PATH = _cfg["ob1"].get("credentials_path", "")
+OB1_WORKOS_AUTH_URL = _cfg["ob1"]["workos_auth_url"]
+OB1_WORKOS_CLIENT_ID = _cfg["ob1"]["workos_client_id"]
+OB1_API_BASE = _cfg["ob1"]["api_base"]
+OB1_REFRESH_BUFFER = _cfg["ob1"].get("refresh_buffer_seconds", 600)
+OB1_ROTATION_MODE = _cfg["ob1"].get("rotation_mode", "cache-first")
+OB1_REFRESH_INTERVAL = _cfg["ob1"].get("refresh_interval", 0)
+
+# Logging
+LOG_LEVEL = _cfg.get("logging", {}).get("level", "INFO")
+
+
+def reload():
+    """Reload config from disk into module-level variables."""
+    global _cfg, API_KEY, ADMIN_USERNAME, ADMIN_PASSWORD, PROXY_URL, MAX_RETRIES, RETRY_DELAY, OB1_ROTATION_MODE, OB1_REFRESH_INTERVAL, LOG_LEVEL
+    _cfg = _load()
+    API_KEY = _cfg["global"]["api_key"]
+    ADMIN_USERNAME = _cfg.get("admin", {}).get("username", "admin")
+    ADMIN_PASSWORD = _cfg.get("admin", {}).get("password", "admin")
+    PROXY_URL = _cfg.get("proxy", {}).get("url", "")
+    MAX_RETRIES = _cfg.get("retry", {}).get("max_retries", 3)
+    RETRY_DELAY = _cfg.get("retry", {}).get("retry_delay", 1)
+    OB1_ROTATION_MODE = _cfg["ob1"].get("rotation_mode", "cache-first")
+    OB1_REFRESH_INTERVAL = _cfg["ob1"].get("refresh_interval", 0)
+    LOG_LEVEL = _cfg.get("logging", {}).get("level", "INFO")
+
+
+def update_setting(section: str, key: str, value):
+    """Update a single setting, persist to disk, and reload."""
+    cfg = _load()
+    if section not in cfg:
+        cfg[section] = {}
+    cfg[section][key] = value
+    _save(cfg)
+    reload()

src/core/logger.py

@@ -0,0 +1,27 @@
+"""Centralized logging configuration."""
+import logging
+import sys
+
+LOG_FORMAT = "%(asctime)s [%(levelname)s] %(name)s: %(message)s"
+LOG_DATE_FORMAT = "%Y-%m-%d %H:%M:%S"
+
+
+def setup_logging(level: str = "INFO"):
+    """Configure root logger with console output."""
+    root = logging.getLogger("ob1")
+    root.setLevel(getattr(logging, level.upper(), logging.INFO))
+    if not root.handlers:
+        handler = logging.StreamHandler(sys.stdout)
+        handler.setFormatter(logging.Formatter(LOG_FORMAT, datefmt=LOG_DATE_FORMAT))
+        root.addHandler(handler)
+    return root
+
+
+def get_logger(name: str) -> logging.Logger:
+    return logging.getLogger(f"ob1.{name}")
+
+
+def set_level(level: str):
+    """Dynamically change log level."""
+    root = logging.getLogger("ob1")
+    root.setLevel(getattr(logging, level.upper(), logging.INFO))

src/core/models.py

@@ -0,0 +1,38 @@
+"""Pydantic models for OB1 2API."""
+
+from __future__ import annotations
+from typing import Any, List, Optional, Union
+from pydantic import BaseModel
+
+
+class ChatMessage(BaseModel):
+    role: str
+    content: Union[str, list]
+
+
+class ChatCompletionRequest(BaseModel):
+    model: str = "anthropic/claude-opus-4.6"
+    messages: List[ChatMessage]
+    stream: bool = False
+    temperature: Optional[float] = None
+    top_p: Optional[float] = None
+    max_tokens: Optional[int] = None
+    tools: Optional[List[dict[str, Any]]] = None
+    tool_choice: Optional[Union[str, dict[str, Any]]] = None
+
+
+class AnthropicMessage(BaseModel):
+    role: str
+    content: Union[str, List[dict[str, Any]]]
+
+
+class AnthropicMessagesRequest(BaseModel):
+    model: str = "anthropic/claude-opus-4.6"
+    messages: List[AnthropicMessage]
+    max_tokens: int = 4096
+    system: Optional[Union[str, List[dict[str, Any]]]] = None
+    stream: bool = False
+    temperature: Optional[float] = None
+    top_p: Optional[float] = None
+    tools: Optional[List[dict[str, Any]]] = None
+    tool_choice: Optional[dict[str, Any]] = None

src/main.py

@@ -0,0 +1,106 @@
+"""OB1 2API — FastAPI application."""
+import asyncio
+import os
+from fastapi import FastAPI
+from fastapi.middleware.cors import CORSMiddleware
+from fastapi.staticfiles import StaticFiles
+from fastapi.responses import RedirectResponse
+
+from .api import routes, admin
+from .services.token_manager import OB1TokenManager
+from .services.ob1_client import OB1Client
+from .services.api_key_manager import ApiKeyManager
+from .core.auth import init_auth
+from .core.config import API_KEY
+from .core import config as _config
+from .core.logger import setup_logging, get_logger
+
+setup_logging()
+log = get_logger("main")
+
+app = FastAPI(title="OB1 2API", version="1.0.0")
+
+# Auto-refresh task handle
+_auto_refresh_task: asyncio.Task | None = None
+
+# Static files
+_static_dir = os.path.join(os.path.dirname(__file__), "..", "static")
+app.mount("/static", StaticFiles(directory=os.path.abspath(_static_dir)), name="static")
+
+app.add_middleware(
+    CORSMiddleware,
+    allow_origins=["*"],
+    allow_methods=["*"],
+    allow_headers=["*"],
+)
+
+# Services
+token_manager = OB1TokenManager()
+ob1_client = OB1Client()
+api_key_manager = ApiKeyManager()
+
+# Init auth with key manager
+init_auth(api_key_manager)
+
+# Inject dependencies
+routes.init(token_manager, ob1_client)
+admin.init(token_manager, api_key_manager)
+
+# Register routers
+app.include_router(routes.router)
+app.include_router(admin.login_router)
+app.include_router(admin.router)
+
+
+@app.on_event("startup")
+async def startup():
+    api_key_manager.load(default_key=API_KEY)
+    token_manager.load()
+    if token_manager.is_loaded:
+        api_key = await token_manager.get_api_key()
+        log.info("OB1 2API started — user=%s token=%s", token_manager.user_email, "valid" if api_key else "needs refresh")
+    else:
+        log.info("OB1 2API started (no credentials loaded)")
+    # Periodic flush for api key stats
+    asyncio.create_task(_periodic_flush())
+    # Start auto-refresh if configured
+    restart_auto_refresh()
+
+
+async def _periodic_flush():
+    while True:
+        await asyncio.sleep(60)
+        api_key_manager.flush()
+
+
+async def _auto_refresh_loop(interval: int):
+    """Periodically refresh all account tokens."""
+    while True:
+        await asyncio.sleep(interval * 60)
+        log.info("Auto-refreshing all accounts (interval=%dm)", interval)
+        await token_manager.refresh()
+
+
+def restart_auto_refresh():
+    """(Re)start the auto-refresh task based on current config."""
+    global _auto_refresh_task
+    if _auto_refresh_task and not _auto_refresh_task.done():
+        _auto_refresh_task.cancel()
+        _auto_refresh_task = None
+    _config.reload()
+    interval = _config.OB1_REFRESH_INTERVAL
+    if interval and interval > 0:
+        _auto_refresh_task = asyncio.create_task(_auto_refresh_loop(interval))
+        log.info("Auto-refresh enabled: every %d minutes", interval)
+    else:
+        log.info("Auto-refresh disabled")
+
+
+@app.on_event("shutdown")
+async def shutdown():
+    api_key_manager.flush()
+
+
+@app.get("/")
+async def root():
+    return RedirectResponse("/static/login.html")

src/services/api_key_manager.py

@@ -0,0 +1,133 @@
+"""API key manager — multi-key support with CRUD."""
+from __future__ import annotations
+
+import json
+import os
+import secrets
+import time
+
+from ..core.logger import get_logger
+
+log = get_logger("api-keys")
+
+
+def _keys_path() -> str:
+    return os.path.join(os.path.dirname(__file__), "..", "..", "config", "api_keys.json")
+
+
+class ApiKey:
+    def __init__(self, data: dict):
+        self.key: str = data["key"]
+        self.name: str = data.get("name", "")
+        self.created_at: float = data.get("created_at", 0)
+        self.last_used: float = data.get("last_used", 0)
+        self.requests: int = data.get("requests", 0)
+        self.enabled: bool = data.get("enabled", True)
+
+    def to_dict(self) -> dict:
+        return {
+            "key": self.key,
+            "name": self.name,
+            "created_at": self.created_at,
+            "last_used": self.last_used,
+            "requests": self.requests,
+            "enabled": self.enabled,
+        }
+
+    def to_public(self) -> dict:
+        k = self.key
+        masked = k[:7] + "..." + k[-4:] if len(k) > 12 else k
+        return {
+            "key": masked,
+            "full_key": self.key,
+            "name": self.name,
+            "created_at": int(self.created_at * 1000),
+            "last_used": int(self.last_used * 1000) if self.last_used else 0,
+            "requests": self.requests,
+            "enabled": self.enabled,
+        }
+
+
+class ApiKeyManager:
+    def __init__(self):
+        self._keys: list[ApiKey] = []
+        self._path = _keys_path()
+        self._dirty = False
+
+    def load(self, default_key: str = ""):
+        if os.path.exists(self._path):
+            with open(self._path, "r", encoding="utf-8") as f:
+                data = json.load(f)
+            self._keys = [ApiKey(k) for k in data]
+        if not self._keys and default_key:
+            self._keys.append(ApiKey({
+                "key": default_key,
+                "name": "默认密钥",
+                "created_at": time.time(),
+            }))
+            self._save()
+        log.info("Loaded %d keys", len(self._keys))
+
+    def _save(self):
+        os.makedirs(os.path.dirname(self._path), exist_ok=True)
+        with open(self._path, "w", encoding="utf-8") as f:
+            json.dump([k.to_dict() for k in self._keys], f, indent=2)
+
+    def validate(self, key: str) -> bool:
+        for k in self._keys:
+            if k.key == key and k.enabled:
+                k.last_used = time.time()
+                k.requests += 1
+                self._dirty = True
+                return True
+        return False
+
+    def flush(self):
+        """Persist pending changes to disk."""
+        if self._dirty:
+            self._save()
+            self._dirty = False
+
+    def list_keys(self) -> list[dict]:
+        return [k.to_public() for k in self._keys]
+
+    def create_key(self, name: str = "") -> dict:
+        key = "sk-" + secrets.token_hex(24)
+        ak = ApiKey({
+            "key": key,
+            "name": name or f"Key-{len(self._keys) + 1}",
+            "created_at": time.time(),
+        })
+        self._keys.append(ak)
+        self._save()
+        return ak.to_public()
+
+    def create_key_with_value(self, key: str, name: str = "") -> dict:
+        """Create a key with a specific value (for syncing from settings)."""
+        for k in self._keys:
+            if k.key == key:
+                return k.to_public()
+        ak = ApiKey({
+            "key": key,
+            "name": name or f"Key-{len(self._keys) + 1}",
+            "created_at": time.time(),
+        })
+        self._keys.append(ak)
+        self._save()
+        return ak.to_public()
+
+    def delete_key(self, key: str) -> bool:
+        for i, k in enumerate(self._keys):
+            if k.key == key:
+                self._keys.pop(i)
+                self._save()
+                return True
+        return False
+
+    def toggle_key(self, key: str) -> bool:
+        for k in self._keys:
+            if k.key == key:
+                k.enabled = not k.enabled
+                self._save()
+                return True
+        return False

src/services/ob1_client.py

@@ -0,0 +1,125 @@
+"""OB-1 API client — proxies requests to dashboard.openblocklabs.com/api/v1."""
+
+from __future__ import annotations
+
+import httpx
+from typing import Any
+
+from ..core import config as _config
+from ..core.config import OB1_API_BASE
+from ..core.logger import get_logger
+
+log = get_logger("client")
+
+_HEADERS = {
+    "HTTP-Referer": "https://github.com/delta-hq/ob1",
+    "X-Title": "OB1 CLI",
+}
+
+
+class StreamResponse:
+    """Wrapper that keeps httpx client alive during streaming."""
+
+    def __init__(self, resp: httpx.Response, client: httpx.AsyncClient):
+        self._resp = resp
+        self._client = client
+
+    def __getattr__(self, name):
+        return getattr(self._resp, name)
+
+    async def aclose(self):
+        await self._resp.aclose()
+        await self._client.aclose()
+
+
+class OB1Client:
+    """Async HTTP client to OBL OpenRouter-compatible API."""
+
+    def __init__(self):
+        self.base_url = OB1_API_BASE
+        self._models_cache: list | None = None
+
+    def _proxy(self) -> str | None:
+        url = _config.PROXY_URL
+        return url if url else None
+
+    async def fetch_models(self, api_key: str) -> list:
+        """Fetch available models from OB-1. Cached after first call."""
+        if self._models_cache is not None:
+            return self._models_cache
+        try:
+            log.debug("Fetching models from %s/models", self.base_url)
+            async with httpx.AsyncClient(timeout=15, proxy=self._proxy()) as client:
+                resp = await client.get(
+                    f"{self.base_url}/models",
+                    headers={**_HEADERS, "Authorization": f"Bearer {api_key}"},
+                )
+            if resp.status_code == 200:
+                self._models_cache = resp.json().get("data", [])
+                log.info("Fetched %d models", len(self._models_cache))
+                return self._models_cache
+            log.warning("Models fetch returned %d", resp.status_code)
+        except Exception as e:
+            log.error("Models fetch failed: %s", e)
+        return []
+
+    async def chat(
+        self,
+        api_key: str,
+        messages: list,
+        model: str = "anthropic/claude-opus-4.6",
+        stream: bool = False,
+        temperature: float | None = None,
+        top_p: float | None = None,
+        max_tokens: int | None = None,
+        extra_payload: dict[str, Any] | None = None,
+    ) -> httpx.Response:
+        """Send chat completion request. Returns raw httpx Response."""
+        payload = {
+            "model": model,
+            "messages": messages,
+            "stream": stream,
+        }
+        if temperature is not None:
+            payload["temperature"] = temperature
+        if top_p is not None:
+            payload["top_p"] = top_p
+        if max_tokens is not None:
+            payload["max_tokens"] = max_tokens
+        if stream:
+            payload["stream_options"] = {"include_usage": True}
+        if extra_payload:
+            payload.update(extra_payload)
+
+        headers = {
+            **_HEADERS,
+            "Authorization": f"Bearer {api_key}",
+            "Content-Type": "application/json",
+        }
+
+        client = httpx.AsyncClient(timeout=300, proxy=self._proxy())
+        try:
+            if stream:
+                log.debug("Sending stream request to %s model=%s", self.base_url, model)
+                req = client.build_request(
+                    "POST",
+                    f"{self.base_url}/chat/completions",
+                    json=payload,
+                    headers=headers,
+                )
+                resp = await client.send(req, stream=True)
+                return StreamResponse(resp, client)
+            else:
+                log.debug("Sending request to %s model=%s", self.base_url, model)
+                resp = await client.post(
+                    f"{self.base_url}/chat/completions",
+                    json=payload,
+                    headers=headers,
+                )
+                log.debug("Response status=%d", resp.status_code)
+                await client.aclose()
+                return resp
+        except Exception as e:
+            log.error("Request failed: %s", e)
+            await client.aclose()
+            raise

src/services/token_manager.py

@@ -0,0 +1,315 @@
+"""OB-1 multi-account token manager."""
+from __future__ import annotations
+
+import json
+import os
+import random
+import time
+import httpx
+
+from ..core.config import (
+    OB1_WORKOS_AUTH_URL,
+    OB1_WORKOS_CLIENT_ID,
+    OB1_REFRESH_BUFFER,
+    OB1_API_BASE,
+)
+from ..core import config as _config
+from ..core.logger import get_logger
+
+log = get_logger("token")
+
+DEVICE_AUTH_URL = "https://api.workos.com/user_management/authorize/device"
+ORG_API_URL = f"{OB1_API_BASE}/auth/organizations"
+
+
+def _accounts_path() -> str:
+    return os.path.join(os.path.dirname(__file__), "..", "..", "config", "accounts.json")
+
+
+class Account:
+    def __init__(self, data: dict):
+        self.email: str = data.get("email", "")
+        self.access_token: str = data.get("access_token", "")
+        self.refresh_token: str = data.get("refresh_token", "")
+        self.expires_at: float = data.get("expires_at", 0)
+        self.org_id: str = data.get("org_id", "")
+        self.org_name: str = data.get("org_name", "")
+        self.user_id: str = data.get("user_id", "")
+        self.user_data: dict = data.get("user_data", {})
+
+    @property
+    def active(self) -> bool:
+        return bool(self.access_token) and self.expires_at > time.time()
+
+    def to_dict(self) -> dict:
+        return {
+            "email": self.email,
+            "access_token": self.access_token,
+            "refresh_token": self.refresh_token,
+            "expires_at": self.expires_at,
+            "org_id": self.org_id,
+            "org_name": self.org_name,
+            "user_id": self.user_id,
+            "user_data": self.user_data,
+        }
+
+    @staticmethod
+    def _mask(token: str) -> str:
+        if not token:
+            return ""
+        if len(token) <= 8:
+            return token[:2] + "..." + token[-2:]
+        return token[:4] + "..." + token[-4:]
+
+    def to_public(self) -> dict:
+        return {
+            "email": self.email,
+            "org_id": self.org_id,
+            "org_name": self.org_name,
+            "at_mask": self._mask(self.access_token),
+            "rt_mask": self._mask(self.refresh_token),
+            "active": self.active,
+            "expires_at": int(self.expires_at * 1000),
+        }
+
+
+class OB1TokenManager:
+    """Manages multiple OB-1 accounts with round-robin and auto-refresh."""
+
+    def __init__(self):
+        self._accounts: list[Account] = []
+        self._current_idx: int = 0
+        self._path = _accounts_path()
+        self._request_count: int = 0
+        self._cost_today: float = 0
+
+    def load(self):
+        # Load from accounts.json
+        if os.path.exists(self._path):
+            with open(self._path, "r", encoding="utf-8") as f:
+                data = json.load(f)
+            self._accounts = [Account(a) for a in data]
+            log.info("Loaded %d accounts", len(self._accounts))
+        # Also import from ~/.ob1/credentials.json if accounts.json is empty
+        if not self._accounts:
+            cred_path = os.path.join(os.path.expanduser("~"), ".ob1", "credentials.json")
+            if os.path.exists(cred_path):
+                self._import_credentials(cred_path)
+
+    def _import_credentials(self, path: str):
+        with open(path, "r", encoding="utf-8") as f:
+            data = json.load(f)
+        oauth = data.get("oauth", {})
+        if not oauth.get("access_token"):
+            return
+        user = oauth.get("user", {})
+        acct = Account({
+            "email": user.get("email", ""),
+            "access_token": oauth.get("access_token", ""),
+            "refresh_token": oauth.get("refresh_token", ""),
+            "expires_at": oauth.get("expires_at", 0) / 1000,
+            "org_id": oauth.get("organization_id", ""),
+            "user_id": user.get("id", ""),
+            "user_data": user,
+        })
+        self._accounts.append(acct)
+        self._save()
+        log.info("Imported %s from credentials.json", acct.email)
+
+    def _save(self):
+        os.makedirs(os.path.dirname(self._path), exist_ok=True)
+        with open(self._path, "w", encoding="utf-8") as f:
+            json.dump([a.to_dict() for a in self._accounts], f, indent=2)
+
+    @property
+    def is_loaded(self) -> bool:
+        return len(self._accounts) > 0
+
+    @property
+    def user_email(self) -> str:
+        if self._accounts:
+            return self._accounts[0].email
+        return ""
+
+    @property
+    def org_id(self) -> str:
+        if self._accounts:
+            return self._accounts[0].org_id
+        return ""
+
+    def list_accounts(self) -> list[dict]:
+        return [a.to_public() for a in self._accounts]
+
+    @property
+    def current_idx(self) -> int:
+        return self._current_idx
+
+    @property
+    def stats(self) -> dict:
+        active = sum(1 for a in self._accounts if a.active)
+        return {
+            "total": len(self._accounts),
+            "active": active,
+            "cost": self._cost_today,
+            "requests": self._request_count,
+        }
+
+    def add_cost(self, cost: float):
+        self._cost_today += cost
+        self._request_count += 1
+
+    async def refresh_account(self, idx: int, force: bool = False) -> bool:
+        if idx < 0 or idx >= len(self._accounts):
+            return False
+        acct = self._accounts[idx]
+        if not acct.refresh_token:
+            return False
+        # Skip if token still valid (not within buffer), unless forced
+        if not force and acct.expires_at - time.time() > OB1_REFRESH_BUFFER:
+            log.debug("Skipping refresh for %s, token still valid (%.0fh remaining)",
+                      acct.email, (acct.expires_at - time.time()) / 3600)
+            return True
+        try:
+            proxy = _config.PROXY_URL or None
+            async with httpx.AsyncClient(proxy=proxy, timeout=30) as client:
+                resp = await client.post(
+                    OB1_WORKOS_AUTH_URL,
+                    data={
+                        "grant_type": "refresh_token",
+                        "refresh_token": acct.refresh_token,
+                        "client_id": OB1_WORKOS_CLIENT_ID,
+                    },
+                    headers={"Content-Type": "application/x-www-form-urlencoded"},
+                )
+            if resp.status_code != 200:
+                log.warning("Refresh failed for %s: %d %s", acct.email, resp.status_code, resp.text)
+                return False
+            result = resp.json()
+            acct.access_token = result["access_token"]
+            acct.refresh_token = result.get("refresh_token", acct.refresh_token)
+            acct.expires_at = time.time() + result.get("expires_in", 3600)
+            self._save()
+            log.info("Refreshed %s", acct.email)
+            return True
+        except Exception as e:
+            log.error("Refresh error for %s: %s", acct.email, e)
+            return False
+
+    def remove_account(self, idx: int) -> bool:
+        if idx < 0 or idx >= len(self._accounts):
+            return False
+        removed = self._accounts.pop(idx)
+        self._save()
+        log.info("Removed %s", removed.email)
+        return True
+
+    async def add_account_from_device(self, auth_result: dict) -> str:
+        """Add account from device auth result. Returns email."""
+        user = auth_result.get("user", {})
+        at = auth_result["access_token"]
+        rt = auth_result["refresh_token"]
+        expires_in = auth_result.get("expires_in", 3600)
+        user_id = user.get("id", "")
+        email = user.get("email", "")
+
+        # Fetch org
+        org_id = ""
+        org_name = ""
+        try:
+            proxy = _config.PROXY_URL or None
+            async with httpx.AsyncClient(proxy=proxy, timeout=15) as client:
+                resp = await client.get(
+                    f"{ORG_API_URL}?user_id={user_id}",
+                    headers={"Authorization": f"Bearer {at}"},
+                )
+            if resp.status_code == 200:
+                orgs = resp.json().get("data", [])
+                if orgs:
+                    org_id = orgs[0].get("organizationId", "")
+                    org_name = orgs[0].get("organizationName", "")
+        except Exception as e:
+            log.error("Org fetch error: %s", e)
+
+        # Check duplicate
+        for a in self._accounts:
+            if a.email == email:
+                a.access_token = at
+                a.refresh_token = rt
+                a.expires_at = time.time() + expires_in
+                a.org_id = org_id or a.org_id
+                a.org_name = org_name or a.org_name
+                self._save()
+                return email
+
+        acct = Account({
+            "email": email,
+            "access_token": at,
+            "refresh_token": rt,
+            "expires_at": time.time() + expires_in,
+            "org_id": org_id,
+            "org_name": org_name,
+            "user_id": user_id,
+            "user_data": user,
+        })
+        self._accounts.append(acct)
+        self._save()
+        log.info("Added account %s (org: %s)", email, org_name)
+        return email
+
+    async def get_api_key(self) -> str | None:
+        """Get a valid API key based on rotation mode."""
+        if not self._accounts:
+            return None
+        n = len(self._accounts)
+        mode = _config.OB1_ROTATION_MODE
+
+        if mode == "performance":
+            order = random.sample(range(n), n)
+        elif mode == "cache-first":
+            # 优先使用上次成功的账号
+            order = [self._current_idx] + [i for i in range(n) if i != self._current_idx]
+        else:  # balanced (default) — 轮流使用
+            order = [(self._current_idx + i) % n for i in range(n)]
+            self._current_idx = (self._current_idx + 1) % n
+
+        for idx in order:
+            acct = self._accounts[idx]
+            if acct.expires_at - time.time() < OB1_REFRESH_BUFFER:
+                await self.refresh_account(idx)
+            if acct.active:
+                if acct.org_id:
+                    return f"{acct.access_token}:{acct.org_id}"
+                return acct.access_token
+        return None
+
+    async def refresh(self) -> bool:
+        """Refresh all accounts."""
+        ok = False
+        for i in range(len(self._accounts)):
+            if await self.refresh_account(i):
+                ok = True
+        return ok
+
+    def import_accounts(self, data: list[dict]) -> int:
+        """Import accounts from a list of dicts, skip duplicates by email."""
+        existing = {a.email for a in self._accounts}
+        count = 0
+        for d in data:
+            if d.get("email") and d["email"] not in existing:
+                self._accounts.append(Account(d))
+                existing.add(d["email"])
+                count += 1
+        if count:
+            self._save()
+        return count
+
+    def batch_remove(self, indices: list[int]) -> int:
+        """Remove accounts by indices (descending to keep order)."""
+        removed = 0
+        for i in sorted(indices, reverse=True):
+            if 0 <= i < len(self._accounts):
+                self._accounts.pop(i)
+                removed += 1
+        if removed:
+            self._save()
+        return removed

static/login.html

@@ -0,0 +1,50 @@
+<!DOCTYPE html>
+<html lang="zh-CN" class="h-full">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>登录 - OB1 2API</title>
+    <script src="https://cdn.tailwindcss.com"></script>
+    <style>
+        @keyframes slide-up{from{transform:translateY(100%);opacity:0}to{transform:translateY(0);opacity:1}}
+        .animate-slide-up{animation:slide-up .3s ease-out}
+    </style>
+    <script>
+        tailwind.config={theme:{extend:{colors:{border:"hsl(0 0% 89%)",input:"hsl(0 0% 89%)",ring:"hsl(0 0% 3.9%)",background:"hsl(0 0% 100%)",foreground:"hsl(0 0% 3.9%)",primary:{DEFAULT:"hsl(0 0% 9%)",foreground:"hsl(0 0% 98%)"},secondary:{DEFAULT:"hsl(0 0% 96.1%)",foreground:"hsl(0 0% 9%)"},muted:{DEFAULT:"hsl(0 0% 96.1%)",foreground:"hsl(0 0% 45.1%)"},destructive:{DEFAULT:"hsl(0 84.2% 60.2%)",foreground:"hsl(0 0% 98%)"}}}}}
+    </script>
+</head>
+<body class="h-full bg-background text-foreground antialiased">
+    <div class="flex min-h-full flex-col justify-center py-12 px-4 sm:px-6 lg:px-8">
+        <div class="sm:mx-auto sm:w-full sm:max-w-md">
+            <div class="text-center">
+                <h1 class="text-4xl font-bold">OB1 2API</h1>
+                <p class="mt-2 text-sm text-muted-foreground">管理员控制台</p>
+            </div>
+        </div>
+        <div class="sm:mx-auto sm:w-full sm:max-w-md">
+            <div class="bg-background py-8 px-4 sm:px-10 rounded-lg">
+                <form id="loginForm" class="space-y-6">
+                    <div class="space-y-2">
+                        <label for="username" class="text-sm font-medium">账户</label>
+                        <input type="text" id="username" required class="flex h-10 w-full rounded-md border border-input bg-background px-3 py-2 text-sm placeholder:text-muted-foreground focus-visible:outline-none focus-visible:ring-2 focus-visible:ring-ring" placeholder="请输入账户">
+                    </div>
+                    <div class="space-y-2">
+                        <label for="password" class="text-sm font-medium">密码</label>
+                        <input type="password" id="password" required class="flex h-10 w-full rounded-md border border-input bg-background px-3 py-2 text-sm placeholder:text-muted-foreground focus-visible:outline-none focus-visible:ring-2 focus-visible:ring-ring" placeholder="请输入密码">
+                    </div>
+                    <button type="submit" id="loginBtn" class="inline-flex items-center justify-center rounded-md font-medium transition-colors bg-primary text-primary-foreground hover:bg-primary/90 h-10 w-full disabled:opacity-50">登录</button>
+                </form>
+                <div class="mt-6 text-center text-xs text-muted-foreground">
+                    <p>OB1 2API &copy; 2025</p>
+                </div>
+            </div>
+        </div>
+    </div>
+    <script>
+        const form=document.getElementById('loginForm'),btn=document.getElementById('loginBtn');
+        form.addEventListener('submit',async(e)=>{e.preventDefault();btn.disabled=true;btn.textContent='登录中...';try{const r=await fetch('/api/login',{method:'POST',headers:{'Content-Type':'application/json'},body:JSON.stringify({username:document.getElementById('username').value.trim(),password:document.getElementById('password').value})});const d=await r.json();d.success?(localStorage.setItem('adminToken',d.token),location.href='/static/manage.html'):showToast(d.message||'登录失败','error')}catch(e){showToast('网络错误','error')}finally{btn.disabled=false;btn.textContent='登录'}});
+        function showToast(m,t='error'){const d=document.createElement('div'),bc={success:'bg-green-600',error:'bg-destructive',info:'bg-primary'};d.className=`fixed bottom-4 right-4 ${bc[t]||bc.error} text-white px-4 py-2.5 rounded-lg shadow-lg text-sm font-medium z-50 animate-slide-up`;d.textContent=m;document.body.appendChild(d);setTimeout(()=>{d.style.opacity='0';d.style.transition='opacity .3s';setTimeout(()=>d.remove(),300)},2000)}
+        window.addEventListener('DOMContentLoaded',()=>{const t=localStorage.getItem('adminToken');t&&fetch('/admin/status',{headers:{Authorization:'Bearer '+t}}).then(r=>{if(r.ok)location.href='/static/manage.html'})});
+    </script>
+</body>
+</html>

static/manage.css

@@ -0,0 +1,35 @@
+@keyframes slide-up{from{transform:translateY(100%);opacity:0}to{transform:translateY(0);opacity:1}}
+.animate-slide-up{animation:slide-up .3s ease-out}
+.tab-btn{transition:all .2s ease}
+@keyframes pulse-dot{0%,100%{opacity:1}50%{opacity:.3}}
+.typing-dot{animation:pulse-dot 1.2s infinite}
+.typing-dot:nth-child(2){animation-delay:.2s}
+.typing-dot:nth-child(3){animation-delay:.4s}
+.chat-msg pre{background:#f3f4f6;border-radius:6px;padding:12px;overflow-x:auto;margin:8px 0}
+.chat-msg code{font-size:13px}
+.chat-msg p{margin:4px 0}
+.chat-msg ul,.chat-msg ol{margin:4px 0 4px 20px}
+
+/* Batch dropdown */
+.batch-dropdown-container{position:relative;display:inline-block}
+.batch-dropdown-btn{display:inline-flex;align-items:center;justify-content:center;height:32px;padding:0 12px;background:#6366f1;color:white;border:none;border-radius:6px;font-size:14px;font-weight:500;cursor:pointer;transition:all .2s ease}
+.batch-dropdown-btn:hover{background:#4f46e5}
+.batch-dropdown-arrow{margin-left:4px;transition:transform .3s cubic-bezier(.4,0,.2,1)}
+.batch-dropdown-container:hover .batch-dropdown-arrow{transform:rotate(180deg)}
+.batch-dropdown-menu{position:absolute;top:calc(100% + 4px);left:0;min-width:160px;background:white;border-radius:6px;box-shadow:0 4px 12px rgba(0,0,0,.15);z-index:50;opacity:0;visibility:hidden;transform:translateY(-8px);transition:all .2s cubic-bezier(.4,0,.2,1);overflow:hidden}
+.batch-dropdown-container:hover .batch-dropdown-menu{opacity:1;visibility:visible;transform:translateY(0)}
+.batch-dropdown-item{display:flex;align-items:center;width:100%;padding:8px 12px;border:none;background:none;cursor:pointer;font-size:13px;color:#374151;transition:background .15s}
+.batch-dropdown-item:hover{background:#f3f4f6}
+.batch-dropdown-item svg{width:16px;height:16px;margin-right:8px;flex-shrink:0}
+
+/* Modal */
+.modal-overlay{position:fixed;inset:0;background:rgba(0,0,0,.5);z-index:100;display:flex;align-items:center;justify-content:center}
+.modal-box{background:white;border-radius:8px;padding:24px;width:90%;max-width:480px;box-shadow:0 8px 30px rgba(0,0,0,.2)}
+
+/* Account card */
+.account-card{border:1px solid hsl(0 0% 89%);border-radius:8px;padding:16px;transition:box-shadow .2s}
+.account-card:hover{box-shadow:0 2px 8px rgba(0,0,0,.08)}
+.account-status{display:inline-flex;align-items:center;gap:4px;font-size:12px;padding:2px 8px;border-radius:9999px}
+.account-status.active{background:#dcfce7;color:#16a34a}
+.account-status.expired{background:#fee2e2;color:#dc2626}
+.account-status.unknown{background:#f3f4f6;color:#6b7280}

static/manage.html

@@ -0,0 +1,255 @@
+<!DOCTYPE html>
+<html lang="zh-CN" class="h-full">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>管理控制台 - OB1 2API</title>
+    <script src="https://cdn.tailwindcss.com"></script>
+    <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/highlight.js/11.9.0/styles/github.min.css">
+    <script src="https://cdnjs.cloudflare.com/ajax/libs/highlight.js/11.9.0/highlight.min.js"></script>
+    <script src="https://cdn.jsdelivr.net/npm/marked/marked.min.js"></script>
+    <link rel="stylesheet" href="/static/manage.css">
+    <script>
+        tailwind.config={theme:{extend:{colors:{border:"hsl(0 0% 89%)",input:"hsl(0 0% 89%)",ring:"hsl(0 0% 3.9%)",background:"hsl(0 0% 100%)",foreground:"hsl(0 0% 3.9%)",primary:{DEFAULT:"hsl(0 0% 9%)",foreground:"hsl(0 0% 98%)"},secondary:{DEFAULT:"hsl(0 0% 96.1%)",foreground:"hsl(0 0% 9%)"},muted:{DEFAULT:"hsl(0 0% 96.1%)",foreground:"hsl(0 0% 45.1%)"},destructive:{DEFAULT:"hsl(0 84.2% 60.2%)",foreground:"hsl(0 0% 98%)"}}}}}
+    </script>
+</head>
+<body class="h-full bg-background text-foreground antialiased">
+    <header class="sticky top-0 z-50 w-full border-b border-border/40 bg-background/95 backdrop-blur">
+        <div class="mx-auto flex h-14 max-w-7xl items-center px-6">
+            <span class="font-bold text-xl mr-4">OB1 2API</span>
+            <div class="flex flex-1 items-center justify-end gap-3">
+                <a href="https://github.com/longnghiemduc6-art/ob12api" target="_blank" rel="noopener noreferrer" class="inline-flex items-center justify-center text-muted-foreground hover:text-foreground transition-colors h-7 w-7 rounded" title="GitHub">
+                    <svg class="h-5 w-5" viewBox="0 0 24 24" fill="currentColor"><path d="M12 0C5.37 0 0 5.37 0 12c0 5.31 3.435 9.795 8.205 11.385.6.105.825-.255.825-.57 0-.285-.015-1.23-.015-2.235-3.015.555-3.795-.735-4.035-1.41-.135-.345-.72-1.41-1.23-1.695-.42-.225-1.02-.78-.015-.795.945-.015 1.62.87 1.845 1.23 1.08 1.815 2.805 1.305 3.495.99.105-.78.42-1.305.765-1.605-2.67-.3-5.46-1.335-5.46-5.925 0-1.305.465-2.385 1.23-3.225-.12-.3-.54-1.53.12-3.18 0 0 1.005-.315 3.3 1.23.96-.27 1.98-.405 3-.405s2.04.135 3 .405c2.295-1.56 3.3-1.23 3.3-1.23.66 1.65.24 2.88.12 3.18.765.84 1.23 1.905 1.23 3.225 0 4.605-2.805 5.625-5.475 5.925.435.375.81 1.095.81 2.22 0 1.605-.015 2.895-.015 3.3 0 .315.225.69.825.57A12.02 12.02 0 0 0 24 12c0-6.63-5.37-12-12-12z"/></svg>
+                </a>
+                <button onclick="logout()" class="inline-flex items-center justify-center text-xs transition-colors hover:bg-secondary h-7 px-2.5 gap-1 rounded">
+                    <svg class="h-3.5 w-3.5" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><path d="M9 21H5a2 2 0 0 1-2-2V5a2 2 0 0 1 2-2h4"/><polyline points="16 17 21 12 16 7"/><line x1="21" y1="12" x2="9" y2="12"/></svg>
+                    退出
+                </button>
+            </div>
+        </div>
+    </header>
+
+    <main class="mx-auto max-w-7xl px-6 py-6">
+        <div class="border-b border-border mb-6">
+            <nav class="flex space-x-8">
+                <button onclick="switchTab('accounts')" id="tabAccounts" class="tab-btn border-b-2 border-primary text-sm font-medium py-3 px-1">账号管理</button>
+                <button onclick="switchTab('settings')" id="tabSettings" class="tab-btn border-b-2 border-transparent text-sm font-medium py-3 px-1 text-muted-foreground">系统设置</button>
+                <button onclick="switchTab('chat')" id="tabChat" class="tab-btn border-b-2 border-transparent text-sm font-medium py-3 px-1 text-muted-foreground">聊天测试</button>
+            </nav>
+        </div>
+
+        <!-- 账号管理 -->
+        <div id="panelAccounts">
+            <div class="grid gap-4 grid-cols-2 md:grid-cols-4 mb-6">
+                <div class="rounded-lg border border-border bg-background p-4">
+                    <p class="text-sm font-medium text-muted-foreground mb-1">OB1 账号</p>
+                    <h3 class="text-2xl font-bold" id="statTotal">-</h3>
+                </div>
+                <div class="rounded-lg border border-border bg-background p-4">
+                    <p class="text-sm font-medium text-muted-foreground mb-1">活跃账号</p>
+                    <h3 class="text-2xl font-bold text-green-600" id="statActive">-</h3>
+                </div>
+                <div class="rounded-lg border border-border bg-background p-4">
+                    <p class="text-sm font-medium text-muted-foreground mb-1">总消耗</p>
+                    <h3 class="text-2xl font-bold text-blue-600" id="statCost">$0.00</h3>
+                </div>
+                <div class="rounded-lg border border-border bg-background p-4">
+                    <p class="text-sm font-medium text-muted-foreground mb-1">总请求</p>
+                    <h3 class="text-2xl font-bold text-purple-600" id="statRequests">-</h3>
+                </div>
+            </div>
+
+            <div class="rounded-lg border border-border bg-background mb-6">
+                <div class="flex items-center justify-between gap-4 p-4 border-b border-border">
+                    <div class="flex items-center gap-3">
+                        <h3 class="text-lg font-semibold">OB1 账号</h3>
+                        <select id="accountFilter" onchange="renderAccounts()" class="text-xs h-7 rounded-md border border-input bg-background px-2">
+                            <option value="all">全部</option>
+                            <option value="active">活跃</option>
+                            <option value="expired">已过期</option>
+                        </select>
+                    </div>
+                    <div class="flex items-center gap-3">
+                        <div class="flex items-center gap-2">
+                            <span class="text-xs text-muted-foreground">自动刷新AT</span>
+                            <label class="inline-flex items-center cursor-pointer">
+                                <input type="checkbox" id="atAutoRefreshToggle" class="sr-only peer" checked>
+                                <div class="relative w-11 h-6 bg-gray-200 peer-focus:outline-none rounded-full peer peer-checked:after:translate-x-full peer-checked:after:border-white after:content-[''] after:absolute after:top-[2px] after:left-[2px] after:bg-white after:border-gray-300 after:border after:rounded-full after:h-5 after:w-5 after:transition-all peer-checked:bg-primary"></div>
+                            </label>
+                        </div>
+                        <button onclick="loadAccounts()" class="inline-flex items-center justify-center rounded-md transition-colors hover:bg-secondary h-8 w-8" title="刷新">
+                            <svg class="h-4 w-4" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><polyline points="23 4 23 10 17 10"/><polyline points="1 20 1 14 7 14"/><path d="M3.51 9a9 9 0 0 1 14.85-3.36L23 10M1 14l4.64 4.36A9 9 0 0 0 20.49 15"/></svg>
+                        </button>
+                        <div class="batch-dropdown-container">
+                            <button class="batch-dropdown-btn">批量操作<svg class="batch-dropdown-arrow" width="12" height="12" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><polyline points="6 9 12 15 18 9"/></svg></button>
+                            <div class="batch-dropdown-menu">
+                                <button onclick="refreshAllAccounts()" class="batch-dropdown-item">
+                                    <svg viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><polyline points="23 4 23 10 17 10"/><polyline points="1 20 1 14 7 14"/><path d="M3.51 9a9 9 0 0 1 14.85-3.36L23 10M1 14l4.64 4.36A9 9 0 0 0 20.49 15"/></svg>
+                                    <span>全部刷新</span>
+                                </button>
+                                <button onclick="batchDeleteAccounts()" class="batch-dropdown-item" style="color:#dc2626">
+                                    <svg viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><polyline points="3 6 5 6 21 6"/><path d="M19 6v14a2 2 0 0 1-2 2H7a2 2 0 0 1-2-2V6m3 0V4a2 2 0 0 1 2-2h4a2 2 0 0 1 2 2v2"/></svg>
+                                    <span>批量删除</span>
+                                </button>
+                            </div>
+                        </div>
+                        <button onclick="exportAccounts()" class="inline-flex items-center justify-center rounded-md text-xs font-medium h-8 px-3 bg-blue-600 text-white hover:bg-blue-700 transition-colors">导出</button>
+                        <button onclick="importAccounts()" class="inline-flex items-center justify-center rounded-md text-xs font-medium h-8 px-3 bg-green-600 text-white hover:bg-green-700 transition-colors">导入</button>
+                        <button onclick="openDeviceAuth()" class="inline-flex items-center justify-center rounded-md text-xs font-medium h-8 px-3 bg-primary text-primary-foreground hover:bg-primary/90 transition-colors">添加账号</button>
+                    </div>
+                </div>
+                <div class="overflow-x-auto">
+                    <table class="w-full text-sm">
+                        <thead>
+                            <tr class="border-b border-border text-left text-xs text-muted-foreground">
+                                <th class="px-4 py-2 w-8"><input type="checkbox" id="selectAll" onchange="toggleSelectAll()" class="rounded"></th>
+                                <th class="px-4 py-2 font-medium">邮箱</th>
+                                <th class="px-4 py-2 font-medium">AT</th>
+                                <th class="px-4 py-2 font-medium">RT</th>
+                                <th class="px-4 py-2 font-medium">状态</th>
+                                <th class="px-4 py-2 font-medium text-right">操作</th>
+                            </tr>
+                        </thead>
+                        <tbody id="accountList"></tbody>
+                    </table>
+                </div>
+                <div id="accountFooter" class="px-4 py-2.5 border-t border-border text-xs text-muted-foreground"></div>
+            </div>
+        </div>
+
+        <!-- 系统设置 -->
+        <div id="panelSettings" class="hidden">
+            <div class="grid gap-6 lg:grid-cols-2">
+                <!-- 安全配置 -->
+                <div class="rounded-lg border border-border bg-background p-6">
+                    <h3 class="text-base font-semibold mb-4">安全配置</h3>
+                    <div class="space-y-3">
+                        <div>
+                            <label class="text-sm text-muted-foreground">管理员用户名</label>
+                            <div class="flex gap-2 mt-1">
+                                <input id="cfgUsername" class="flex h-9 w-full rounded-md border border-input bg-background px-3 text-sm" placeholder="admin">
+                                <button onclick="updateUsername()" class="shrink-0 h-9 px-3 rounded-md bg-primary text-primary-foreground text-sm hover:bg-primary/90">保存</button>
+                            </div>
+                        </div>
+                        <div>
+                            <label class="text-sm text-muted-foreground">修改密码</label>
+                            <input id="cfgOldPwd" type="password" class="flex h-9 w-full rounded-md border border-input bg-background px-3 text-sm mt-1" placeholder="旧密码">
+                            <input id="cfgNewPwd" type="password" class="flex h-9 w-full rounded-md border border-input bg-background px-3 text-sm mt-2" placeholder="新密码">
+                            <button onclick="updatePassword()" class="mt-2 h-9 px-3 rounded-md bg-primary text-primary-foreground text-sm hover:bg-primary/90">修改密码</button>
+                        </div>
+                    </div>
+                </div>
+                <!-- API 密钥配置 -->
+                <div class="rounded-lg border border-border bg-background p-6">
+                    <h3 class="text-base font-semibold mb-4">API 密钥配置</h3>
+                    <div class="space-y-3">
+                        <div>
+                            <label class="text-sm text-muted-foreground">当前 API Key</label>
+                            <input id="cfgCurrentKey" class="flex h-9 w-full rounded-md border border-input bg-secondary px-3 text-sm mt-1" readonly>
+                        </div>
+                        <div>
+                            <label class="text-sm text-muted-foreground">新 API Key</label>
+                            <div class="flex gap-2 mt-1">
+                                <input id="cfgNewKey" class="flex h-9 w-full rounded-md border border-input bg-background px-3 text-sm" placeholder="输入新的 API Key">
+                                <button onclick="updateAPIKey()" class="shrink-0 h-9 px-3 rounded-md bg-primary text-primary-foreground text-sm hover:bg-primary/90">更新</button>
+                            </div>
+                        </div>
+                    </div>
+                </div>
+                <!-- 代理配置 -->
+                <div class="rounded-lg border border-border bg-background p-6">
+                    <h3 class="text-base font-semibold mb-4">代理配置</h3>
+                    <div>
+                        <label class="text-sm text-muted-foreground">代理 URL</label>
+                        <div class="flex gap-2 mt-1">
+                            <input id="cfgProxy" class="flex h-9 w-full rounded-md border border-input bg-background px-3 text-sm" placeholder="http://127.0.0.1:7890">
+                            <button id="btnTestProxy" onclick="testProxy()" class="shrink-0 h-9 px-3 rounded-md border border-input bg-background text-sm hover:bg-secondary">测试</button>
+                            <button onclick="updateProxy()" class="shrink-0 h-9 px-3 rounded-md bg-primary text-primary-foreground text-sm hover:bg-primary/90">保存</button>
+                        </div>
+                    </div>
+                </div>
+                <!-- 调度模式 -->
+                <div class="rounded-lg border border-border bg-background p-6">
+                    <h3 class="text-base font-semibold mb-4">调度模式</h3>
+                    <div>
+                        <label class="text-sm text-muted-foreground">选择调度策略</label>
+                        <div class="flex gap-2 mt-1">
+                            <select id="cfgRotationMode" onchange="selectRotation(this.value)" class="flex h-9 w-full rounded-md border border-input bg-background px-3 text-sm">
+                                <option value="cache-first">缓存优先 — 优先使用上次成功的账号</option>
+                                <option value="balanced">平衡轮换 — 均衡分配请求负载</option>
+                                <option value="performance">性能优先 — 随机选择，适合高并发</option>
+                            </select>
+                        </div>
+                    </div>
+                </div>
+                <!-- 自动刷新 -->
+                <div class="rounded-lg border border-border bg-background p-6">
+                    <h3 class="text-base font-semibold mb-4">Token 自动续期</h3>
+                    <div>
+                        <label class="text-sm text-muted-foreground">检查间隔（分钟），0 为关闭</label>
+                        <div class="flex gap-2 mt-1">
+                            <input id="cfgRefreshInterval" type="number" min="0" class="flex h-9 w-full rounded-md border border-input bg-background px-3 text-sm" placeholder="0">
+                            <button onclick="updateRefreshInterval()" class="shrink-0 h-9 px-3 rounded-md bg-primary text-primary-foreground text-sm hover:bg-primary/90">保存</button>
+                        </div>
+                        <p class="text-xs text-muted-foreground mt-1">定时检查 Token 有效期，仅在临近过期时才刷新</p>
+                    </div>
+                </div>
+                <!-- 调试日志 -->
+                <div class="rounded-lg border border-border bg-background p-6">
+                    <h3 class="text-base font-semibold mb-4">调试日志</h3>
+                    <div class="flex items-center justify-between">
+                        <span class="text-sm text-muted-foreground">开启后输出详细请求日志</span>
+                        <label class="inline-flex items-center cursor-pointer">
+                            <input type="checkbox" id="cfgDebugLog" onchange="toggleDebugLog()" class="sr-only peer">
+                            <div class="relative w-11 h-6 bg-gray-200 peer-focus:outline-none rounded-full peer peer-checked:after:translate-x-full peer-checked:after:border-white after:content-[''] after:absolute after:top-[2px] after:left-[2px] after:bg-white after:border-gray-300 after:border after:rounded-full after:h-5 after:w-5 after:transition-all peer-checked:bg-primary"></div>
+                        </label>
+                    </div>
+                </div>
+            </div>
+        </div>
+
+        <!-- 聊天测试 -->
+        <div id="panelChat" class="hidden">
+            <div class="rounded-lg border border-border bg-background">
+                <div class="flex items-center gap-3 p-4 border-b border-border">
+                    <select id="chatModel" class="h-9 rounded-md border border-input bg-background px-3 text-sm">
+                        <option value="">加载中...</option>
+                    </select>
+                    <label class="flex items-center gap-2 text-sm"><input type="checkbox" id="chatStream" checked class="rounded"> Stream</label>
+                    <button onclick="clearChat()" class="ml-auto text-xs px-3 h-8 rounded-md border border-border hover:bg-secondary transition-colors">清空</button>
+                </div>
+                <div id="chatMessages" class="h-[calc(100vh-280px)] overflow-y-auto p-4 space-y-2"></div>
+                <div class="p-4 border-t border-border flex gap-2">
+                    <textarea id="chatInput" rows="1" class="flex w-full rounded-md border border-input bg-background px-3 py-2 text-sm resize-none" placeholder="输入消息..."></textarea>
+                    <button onclick="sendChat()" class="shrink-0 h-9 px-4 rounded-md bg-primary text-primary-foreground text-sm hover:bg-primary/90">发送</button>
+                </div>
+            </div>
+        </div>
+    </main>
+
+    <!-- Device Auth Modal -->
+    <div id="deviceAuthModal" class="modal-overlay hidden">
+        <div class="modal-box">
+            <h3 class="text-lg font-semibold mb-4">添加 OB1 账号</h3>
+            <div id="deviceAuthContent">
+                <p class="text-sm text-muted-foreground mb-4">点击下方按钮开始设备授权流程</p>
+                <button onclick="startDeviceAuth()" class="h-9 px-4 rounded-md bg-primary text-primary-foreground text-sm hover:bg-primary/90">开始授权</button>
+            </div>
+            <div id="deviceAuthPending" class="hidden text-center">
+                <p class="text-sm mb-2">请在浏览器中完成授权:</p>
+                <a id="deviceAuthLink" href="#" target="_blank" class="text-blue-600 text-sm underline break-all"></a>
+                <p class="text-xs text-muted-foreground mt-3">用户码: <span id="deviceAuthCode" class="font-mono font-bold"></span></p>
+                <div class="flex items-center justify-center gap-1 mt-4">
+                    <span class="typing-dot w-2 h-2 rounded-full bg-primary"></span>
+                    <span class="typing-dot w-2 h-2 rounded-full bg-primary"></span>
+                    <span class="typing-dot w-2 h-2 rounded-full bg-primary"></span>
+                    <span class="text-xs text-muted-foreground ml-2">等待授权...</span>
+                </div>
+            </div>
+            <button onclick="closeDeviceAuth()" class="mt-4 text-xs text-muted-foreground hover:text-foreground">关闭</button>
+        </div>
+    </div>
+
+    <script src="/static/manage.js"></script>
+</body>
+</html>

static/manage.js

@@ -0,0 +1,502 @@
+/* ===== Auth ===== */
+const TOKEN = localStorage.getItem('adminToken');
+const api = (url, opts = {}) => {
+    opts.headers = { ...opts.headers, 'Authorization': 'Bearer ' + TOKEN, 'Content-Type': 'application/json' };
+    return fetch(url, opts).then(r => { if (r.status === 401) { logout(); throw new Error('unauthorized'); } return r.json(); });
+};
+
+function checkAuth() {
+    if (!TOKEN) { location.href = '/static/login.html'; return; }
+    api('/admin/status').catch(() => logout());
+}
+
+function logout() {
+    localStorage.removeItem('adminToken');
+    location.href = '/static/login.html';
+}
+
+/* ===== Toast ===== */
+function showToast(msg, type = 'info') {
+    const colors = { success: 'bg-green-600', error: 'bg-red-600', info: 'bg-gray-900' };
+    const el = document.createElement('div');
+    el.className = `fixed bottom-4 right-4 ${colors[type] || colors.info} text-white px-4 py-2.5 rounded-lg shadow-lg text-sm font-medium z-[200] animate-slide-up`;
+    el.textContent = msg;
+    document.body.appendChild(el);
+    setTimeout(() => { el.style.opacity = '0'; el.style.transition = 'opacity .3s'; setTimeout(() => el.remove(), 300); }, 2000);
+}
+
+/* ===== Tabs ===== */
+function switchTab(tab) {
+    ['accounts', 'settings', 'chat'].forEach(t => {
+        document.getElementById('panel' + t.charAt(0).toUpperCase() + t.slice(1)).classList.toggle('hidden', t !== tab);
+        const btn = document.getElementById('tab' + t.charAt(0).toUpperCase() + t.slice(1));
+        btn.classList.toggle('border-primary', t === tab);
+        btn.classList.toggle('border-transparent', t !== tab);
+        btn.classList.toggle('text-muted-foreground', t !== tab);
+    });
+    if (tab === 'settings') loadSettings();
+    if (tab === 'accounts') loadAccounts();
+    if (tab === 'chat') loadChatModels();
+}
+
+/* ===== Accounts ===== */
+let _accounts = [];
+
+function loadAccounts() {
+    api('/admin/accounts').then(d => {
+        _accounts = d.accounts || [];
+        const s = d.stats || {};
+        document.getElementById('statTotal').textContent = s.total ?? _accounts.length;
+        document.getElementById('statActive').textContent = s.active ?? '-';
+        document.getElementById('statCost').textContent = '$' + (s.cost ?? 0).toFixed(2);
+        document.getElementById('statRequests').textContent = s.requests ?? '-';
+        renderAccounts();
+    }).catch(() => showToast('加载账号失败', 'error'));
+}
+
+let _pageSize = 20;
+let _currentPage = 1;
+
+function renderAccounts() {
+    const box = document.getElementById('accountList');
+    const filter = document.getElementById('accountFilter').value;
+    const filtered = _accounts.map((a, i) => ({ ...a, _idx: i })).filter(a => {
+        if (filter === 'active') return a.active === true;
+        if (filter === 'expired') return a.active !== true;
+        return true;
+    });
+    const totalPages = Math.max(1, Math.ceil(filtered.length / _pageSize));
+    if (_currentPage > totalPages) _currentPage = totalPages;
+    const start = (_currentPage - 1) * _pageSize;
+    const paged = filtered.slice(start, start + _pageSize);
+    if (!filtered.length) {
+        box.innerHTML = `<tr><td colspan="6" class="text-center text-muted-foreground py-6 text-sm">${_accounts.length ? '无匹配账号' : '暂无账号，点击右上角添加'}</td></tr>`;
+    } else {
+        box.innerHTML = paged.map(a => {
+            const active = a.active === true;
+            const atTag = a.at_mask ? `<span class="text-green-600 font-mono text-xs">${a.at_mask}</span>` : '<span class="text-red-500">无</span>';
+            const rtTag = a.rt_mask ? `<span class="text-green-600 font-mono text-xs">${a.rt_mask}</span>` : '<span class="text-red-500">无</span>';
+            const statusHtml = active
+                ? `<span class="inline-flex items-center gap-1.5 text-green-600"><span class="w-1.5 h-1.5 rounded-full bg-green-500"></span><span data-expires="${a.expires_at}"></span></span>`
+                : `<span class="inline-flex items-center gap-1.5 text-muted-foreground"><span class="w-1.5 h-1.5 rounded-full bg-gray-400"></span>已过期</span>`;
+            const checked = _selected.has(a._idx) ? 'checked' : '';
+            return `<tr class="border-b border-border hover:bg-secondary/50 transition-colors">
+                <td class="px-4 py-2.5 w-8"><input type="checkbox" data-idx="${a._idx}" ${checked} onchange="toggleSelect(${a._idx})" class="rounded"></td>
+                <td class="px-4 py-2.5 font-medium">${a.email || '未知邮箱'}</td>
+                <td class="px-4 py-2.5">${atTag}</td>
+                <td class="px-4 py-2.5">${rtTag}</td>
+                <td class="px-4 py-2.5">${statusHtml}</td>
+                <td class="px-4 py-2.5 text-right">
+                    <button onclick="refreshAccount(${a._idx})" class="text-xs px-2 py-1 rounded border border-border hover:bg-secondary transition-colors">刷新</button>
+                    <button onclick="removeAccount(${a._idx})" class="text-xs px-2 py-1 rounded border border-red-200 text-red-600 hover:bg-red-50 transition-colors ml-1">删除</button>
+                </td>
+            </tr>`;
+        }).join('');
+    }
+    const activeCount = _accounts.filter(a => a.active === true).length;
+    const selCount = _selected.size;
+    const selText = selCount ? `已选 ${selCount} | ` : '';
+    // pagination
+    let pageHtml = '';
+    if (totalPages > 1) {
+        pageHtml = `<button onclick="changePage(-1)" class="px-2 py-0.5 rounded border border-border hover:bg-secondary text-xs" ${_currentPage <= 1 ? 'disabled' : ''}>&lt;</button>
+            <span class="mx-1">${_currentPage}/${totalPages}</span>
+            <button onclick="changePage(1)" class="px-2 py-0.5 rounded border border-border hover:bg-secondary text-xs" ${_currentPage >= totalPages ? 'disabled' : ''}>&gt;</button>`;
+    }
+    document.getElementById('accountFooter').innerHTML = `<div class="flex items-center justify-between">
+        <span>${selText}显示 ${filtered.length} / ${_accounts.length} 个账号（活跃 ${activeCount}）</span>
+        <div class="flex items-center gap-2">
+            ${pageHtml}
+            <select onchange="changePageSize(this.value)" class="text-xs h-6 rounded border border-input bg-background px-1">
+                ${[10,20,50,100,200,500,1000].map(n => `<option value="${n}" ${n===_pageSize?'selected':''}>${n}条/页</option>`).join('')}
+            </select>
+        </div>
+    </div>`;
+    document.getElementById('selectAll').checked = paged.length > 0 && paged.every(a => _selected.has(a._idx));
+    updateCountdowns();
+}
+
+let _selected = new Set();
+function toggleSelect(idx) {
+    _selected.has(idx) ? _selected.delete(idx) : _selected.add(idx);
+    renderAccounts();
+}
+function toggleSelectAll() {
+    const all = document.getElementById('selectAll').checked;
+    const filter = document.getElementById('accountFilter').value;
+    const filtered = _accounts.map((a, i) => ({ ...a, _idx: i })).filter(a => {
+        if (filter === 'active') return a.active === true;
+        if (filter === 'expired') return a.active !== true;
+        return true;
+    });
+    const start = (_currentPage - 1) * _pageSize;
+    const paged = filtered.slice(start, start + _pageSize);
+    paged.forEach(a => all ? _selected.add(a._idx) : _selected.delete(a._idx));
+    renderAccounts();
+}
+function getSelectedIndices() { return [..._selected]; }
+function changePageSize(v) { _pageSize = parseInt(v); _currentPage = 1; renderAccounts(); }
+function changePage(delta) { _currentPage += delta; renderAccounts(); }
+
+function updateCountdowns() {
+    document.querySelectorAll('[data-expires]').forEach(el => {
+        const exp = parseInt(el.dataset.expires);
+        const diff = exp - Date.now();
+        if (diff <= 0) { el.textContent = '已过期'; el.className = 'text-red-500'; return; }
+        const d = Math.floor(diff / 86400000);
+        const h = Math.floor((diff % 86400000) / 3600000);
+        const m = Math.floor((diff % 3600000) / 60000);
+        let text = '';
+        if (d > 0) text += d + '天';
+        text += h + 'h ' + m + 'm';
+        el.textContent = text;
+        if (d < 1) el.className = 'text-orange-500';
+    });
+}
+if (!window._countdownTimer) window._countdownTimer = setInterval(updateCountdowns, 1000);
+
+function refreshAccount(idx) {
+    api(`/admin/accounts/${idx}/refresh`, { method: 'POST' }).then(d => {
+        d.ok ? showToast('刷新成功', 'success') : showToast(d.error || '刷新失败', 'error');
+        loadAccounts();
+    });
+}
+
+function removeAccount(idx) {
+    if (!confirm('确定删除该账号？')) return;
+    api(`/admin/accounts/${idx}`, { method: 'DELETE' }).then(() => { showToast('已删除', 'success'); loadAccounts(); });
+}
+
+function refreshAllAccounts() {
+    api('/admin/refresh', { method: 'POST' }).then(d => {
+        d.ok ? showToast('全部刷新完成', 'success') : showToast('刷新失败', 'error');
+        loadAccounts();
+    });
+}
+
+function batchDeleteAccounts() {
+    if (!confirm('确定删除所有账号？')) return;
+    const indices = _accounts.map((_, i) => i);
+    api('/admin/accounts/batch-delete', { method: 'POST', body: JSON.stringify({ indices }) }).then(d => {
+        showToast(`已删除 ${d.removed} 个账号`, 'success'); loadAccounts();
+    });
+}
+
+function exportAccounts() {
+    api('/admin/accounts/export', { method: 'POST' }).then(d => {
+        const blob = new Blob([JSON.stringify(d.accounts, null, 2)], { type: 'application/json' });
+        const a = document.createElement('a');
+        a.href = URL.createObjectURL(blob); a.download = 'ob1_accounts.json'; a.click();
+        showToast('导出成功', 'success');
+    });
+}
+
+function importAccounts() {
+    const input = document.createElement('input');
+    input.type = 'file'; input.accept = '.json';
+    input.onchange = e => {
+        const file = e.target.files[0]; if (!file) return;
+        const reader = new FileReader();
+        reader.onload = ev => {
+            try {
+                const accounts = JSON.parse(ev.target.result);
+                api('/admin/accounts/import', { method: 'POST', body: JSON.stringify({ accounts: Array.isArray(accounts) ? accounts : [accounts] }) })
+                    .then(d => { showToast(`导入 ${d.imported} 个账号`, 'success'); loadAccounts(); });
+            } catch { showToast('JSON 格式错误', 'error'); }
+        };
+        reader.readAsText(file);
+    };
+    input.click();
+}
+
+/* ===== Device Auth (Add Account) ===== */
+let _pollTimer = null;
+
+function openDeviceAuth() {
+    document.getElementById('deviceAuthModal').classList.remove('hidden');
+    document.getElementById('deviceAuthContent').classList.remove('hidden');
+    document.getElementById('deviceAuthPending').classList.add('hidden');
+}
+
+function startDeviceAuth() {
+    document.getElementById('deviceAuthContent').classList.add('hidden');
+    document.getElementById('deviceAuthPending').classList.remove('hidden');
+    api('/admin/device-auth', { method: 'POST' }).then(d => {
+        if (d.error) {
+            document.getElementById('deviceAuthContent').classList.remove('hidden');
+            document.getElementById('deviceAuthPending').classList.add('hidden');
+            showToast(d.error, 'error');
+            return;
+        }
+        const link = document.getElementById('deviceAuthLink');
+        link.href = d.verification_uri_complete || d.verification_uri;
+        link.textContent = d.verification_uri_complete || d.verification_uri;
+        document.getElementById('deviceAuthCode').textContent = d.user_code || '';
+        pollDeviceAuth(d.device_code, d.interval || 5);
+    }).catch(() => {
+        document.getElementById('deviceAuthContent').classList.remove('hidden');
+        document.getElementById('deviceAuthPending').classList.add('hidden');
+        showToast('获取授权失败', 'error');
+    });
+}
+
+function pollDeviceAuth(code, interval) {
+    clearInterval(_pollTimer);
+    _pollTimer = setInterval(() => {
+        api('/admin/device-auth/poll', { method: 'POST', body: JSON.stringify({ device_code: code }) }).then(d => {
+            if (d.status === 'complete') {
+                clearInterval(_pollTimer);
+                closeDeviceAuth();
+                showToast(`已添加账号: ${d.email}`, 'success');
+                loadAccounts();
+            } else if (d.status === 'expired' || d.status === 'error') {
+                clearInterval(_pollTimer);
+                showToast(d.message || '授权失败', 'error');
+            }
+        });
+    }, interval * 1000);
+}
+
+function closeDeviceAuth() {
+    clearInterval(_pollTimer);
+    document.getElementById('deviceAuthModal').classList.add('hidden');
+}
+
+/* ===== Settings ===== */
+function loadSettings() {
+    api('/admin/settings').then(d => {
+        document.getElementById('cfgUsername').value = d.username || '';
+        document.getElementById('cfgCurrentKey').value = d.api_key || '';
+        document.getElementById('cfgProxy').value = d.proxy_url || '';
+        selectRotation(d.rotation_mode || 'cache-first', false);
+        document.getElementById('cfgDebugLog').checked = (d.log_level || 'INFO') === 'DEBUG';
+        document.getElementById('cfgRefreshInterval').value = d.refresh_interval || 0;
+    });
+}
+
+function updatePassword() {
+    const old_password = document.getElementById('cfgOldPwd').value;
+    const new_password = document.getElementById('cfgNewPwd').value;
+    if (!old_password || !new_password) { showToast('请填写完整', 'error'); return; }
+    api('/admin/settings/password', { method: 'POST', body: JSON.stringify({ old_password, new_password }) }).then(d => {
+        d.ok ? (showToast('密码已更新', 'success'), document.getElementById('cfgOldPwd').value = '', document.getElementById('cfgNewPwd').value = '') : showToast(d.message || '更新失败', 'error');
+    });
+}
+
+function updateUsername() {
+    const username = document.getElementById('cfgUsername').value.trim();
+    if (!username) return;
+    api('/admin/settings/username', { method: 'POST', body: JSON.stringify({ username }) }).then(d => {
+        d.ok ? showToast('用户名已更新', 'success') : showToast('更新失败', 'error');
+    });
+}
+
+function updateAPIKey() {
+    const api_key = document.getElementById('cfgNewKey').value.trim();
+    if (!api_key) return;
+    api('/admin/settings/api-key', { method: 'POST', body: JSON.stringify({ api_key }) }).then(d => {
+        d.ok ? showToast('API Key 已更新', 'success') : showToast('更新失败', 'error');
+    });
+}
+
+function updateProxy() {
+    const url = document.getElementById('cfgProxy').value.trim();
+    api('/admin/settings/proxy', { method: 'POST', body: JSON.stringify({ url }) }).then(d => {
+        d.ok ? showToast('代理已更新', 'success') : showToast('更新失败', 'error');
+    });
+}
+
+function testProxy() {
+    const url = document.getElementById('cfgProxy').value.trim();
+    if (!url) { showToast('请先填写代理地址', 'error'); return; }
+    const btn = document.getElementById('btnTestProxy');
+    btn.disabled = true; btn.textContent = '测试中...';
+    api('/admin/settings/proxy-test', { method: 'POST', body: JSON.stringify({ url }) }).then(d => {
+        if (d.ok) showToast('代理可用，IP: ' + d.ip, 'success');
+        else showToast('代理不可用: ' + d.error, 'error');
+    }).catch(() => showToast('测试请求失败', 'error'))
+    .finally(() => { btn.disabled = false; btn.textContent = '测试'; });
+}
+
+function selectRotation(mode, save = true) {
+    document.getElementById('cfgRotationMode').value = mode;
+    if (save) {
+        api('/admin/settings/rotation-mode', { method: 'POST', body: JSON.stringify({ mode }) }).then(d => {
+            d.ok ? showToast('调度模式已更新', 'success') : showToast(d.message || '更新失败', 'error');
+        });
+    }
+}
+
+function toggleDebugLog() {
+    const level = document.getElementById('cfgDebugLog').checked ? 'DEBUG' : 'INFO';
+    api('/admin/settings/log-level', { method: 'POST', body: JSON.stringify({ level }) }).then(d => {
+        d.ok ? showToast(level === 'DEBUG' ? '调试日志已开启' : '调试日志已关闭', 'success') : showToast(d.message || '更新失败', 'error');
+    });
+}
+
+function updateRefreshInterval() {
+    const interval = parseInt(document.getElementById('cfgRefreshInterval').value) || 0;
+    api('/admin/settings/refresh-interval', { method: 'POST', body: JSON.stringify({ interval }) }).then(d => {
+        d.ok ? showToast(interval > 0 ? `自动续期检查已设置为 ${interval} 分钟` : '自动续期已关闭', 'success') : showToast(d.message || '更新失败', 'error');
+    });
+}
+
+/* ===== Chat ===== */
+let _chatMessages = [];
+
+const TOP_MODELS = [
+    'anthropic/claude-opus-4.6',
+    'anthropic/claude-sonnet-4.6',
+    'openai/gpt-5.4-pro',
+    'google/gemini-3.1-flash-image-preview',
+    'openai/gpt-5.3-codex',
+    'x-ai/grok-4.1-fast',
+    'qwen/qwen-3.5-397b',
+];
+
+function _shortName(id) { return id.includes('/') ? id.split('/').pop() : id; }
+
+function loadChatModels() {
+    const sel = document.getElementById('chatModel');
+    const prev = sel.value;
+    fetch('/v1/models', { headers: { 'Authorization': 'Bearer ' + TOKEN } })
+        .then(r => r.json())
+        .then(d => {
+            const apiIds = (d.data || []).map(m => m.id);
+            _fillModelSelect(sel, apiIds, prev);
+        })
+        .catch(() => _fillModelSelect(sel, [], prev));
+}
+
+function _fillModelSelect(sel, apiIds, prev) {
+    const all = new Set([...TOP_MODELS, ...apiIds]);
+    const topSet = new Set(TOP_MODELS);
+    const rest = [...all].filter(id => !topSet.has(id)).sort();
+    let html = '<optgroup label="常用">';
+    html += TOP_MODELS.map(id => `<option value="${id}">${_shortName(id)}</option>`).join('');
+    html += '</optgroup>';
+    if (rest.length) {
+        html += '<optgroup label="全部">';
+        html += rest.map(id => `<option value="${id}">${_shortName(id)}</option>`).join('');
+        html += '</optgroup>';
+    }
+    sel.innerHTML = html;
+    sel.value = prev && all.has(prev) ? prev : TOP_MODELS[0];
+}
+
+function _parseAssistantMsg(msg) {
+    const content = msg.content;
+    const result = { role: 'assistant', content: '', images: [] };
+    if (typeof content === 'string') {
+        result.content = content || '';
+    } else if (Array.isArray(content)) {
+        for (const part of content) {
+            if (part.type === 'text') result.content += part.text || '';
+            else if (part.type === 'image_url') result.images.push(part.image_url?.url || '');
+        }
+    }
+    // OB1/OpenRouter puts images in message.images
+    if (Array.isArray(msg.images)) {
+        for (const img of msg.images) {
+            if (img.image_url?.url) result.images.push(img.image_url.url);
+            else if (typeof img === 'string') result.images.push(img);
+        }
+    }
+    if (!result.content && !result.images.length) result.content = 'No response';
+    return result;
+}
+
+function sendChat() {
+    const input = document.getElementById('chatInput');
+    const msg = input.value.trim();
+    if (!msg) return;
+    input.value = '';
+    _chatMessages.push({ role: 'user', content: msg });
+    renderChat();
+
+    const model = document.getElementById('chatModel').value;
+    const stream = document.getElementById('chatStream').checked;
+
+    if (stream) {
+        streamChat(model, msg);
+    } else {
+        api('/v1/chat/completions', {
+            method: 'POST',
+            body: JSON.stringify({ model, messages: _chatMessages, stream: false })
+        }).then(d => {
+            const msg = d.choices?.[0]?.message || {};
+            const parsed = _parseAssistantMsg(msg);
+            _chatMessages.push(parsed);
+            renderChat();
+        }).catch(() => {
+            _chatMessages.push({ role: 'assistant', content: '请求失败' });
+            renderChat();
+        });
+    }
+}
+
+function streamChat(model, msg) {
+    const assistantMsg = { role: 'assistant', content: '' };
+    _chatMessages.push(assistantMsg);
+    renderChat();
+
+    fetch('/v1/chat/completions', {
+        method: 'POST',
+        headers: { 'Authorization': 'Bearer ' + TOKEN, 'Content-Type': 'application/json' },
+        body: JSON.stringify({ model, messages: _chatMessages.slice(0, -1), stream: true })
+    }).then(resp => {
+        const reader = resp.body.getReader();
+        const decoder = new TextDecoder();
+        let buf = '';
+        function read() {
+            reader.read().then(({ done, value }) => {
+                if (done) { renderChat(); return; }
+                buf += decoder.decode(value, { stream: true });
+                const lines = buf.split('\n');
+                buf = lines.pop();
+                for (const line of lines) {
+                    if (!line.startsWith('data: ') || line === 'data: [DONE]') continue;
+                    try {
+                        const j = JSON.parse(line.slice(6));
+                        const delta = j.choices?.[0]?.delta?.content;
+                        if (delta) { assistantMsg.content += delta; renderChat(); }
+                    } catch {}
+                }
+                read();
+            });
+        }
+        read();
+    }).catch(() => { assistantMsg.content = '流式请求失败'; renderChat(); });
+}
+
+function renderChat() {
+    const box = document.getElementById('chatMessages');
+    box.innerHTML = _chatMessages.map(m => {
+        const isUser = m.role === 'user';
+        let rendered = typeof marked !== 'undefined' ? marked.parse(m.content || '') : (m.content || '');
+        if (m.images && m.images.length) {
+            rendered += m.images.map(url => `<img src="${url}" class="mt-2 max-w-full rounded-lg cursor-pointer" style="max-height:400px" onclick="window.open(this.src,'_blank')" alt="生成图片">`).join('');
+        }
+        return `<div class="flex ${isUser ? 'justify-end' : 'justify-start'} mb-3">
+            <div class="chat-msg max-w-[80%] rounded-lg px-4 py-2 text-sm ${isUser ? 'bg-primary text-primary-foreground' : 'bg-secondary'}">
+                ${rendered}
+            </div>
+        </div>`;
+    }).join('');
+    box.scrollTop = box.scrollHeight;
+    document.querySelectorAll('.chat-msg pre code').forEach(el => hljs.highlightElement(el));
+}
+
+function clearChat() {
+    _chatMessages = [];
+    document.getElementById('chatMessages').innerHTML = '';
+}
+
+/* ===== Init ===== */
+window.addEventListener('DOMContentLoaded', () => {
+    checkAuth();
+    loadAccounts();
+    document.getElementById('chatInput').addEventListener('keydown', e => {
+        if (e.key === 'Enter' && !e.shiftKey) { e.preventDefault(); sendChat(); }
+    });
+});