ai-zero-token 1.0.9 → 1.0.10

package/dist/server/admin-page.js

@@ -1898,6 +1898,7 @@ function renderAdminPage() {
                 <option value="all">\u5168\u90E8\u72B6\u6001</option>
                 <option value="healthy">\u5065\u5EB7</option>
                 <option value="warning">\u5373\u5C06\u8017\u5C3D</option>
+                <option value="invalid">\u767B\u5F55\u5931\u6548</option>
                 <option value="expired">\u5DF2\u8FC7\u671F</option>
                 <option value="active">\u4F7F\u7528\u4E2D</option>
               </select>
@@ -2302,6 +2303,13 @@ function renderAdminPage() {
       return date.toLocaleString("zh-CN", { hour12: false });
     }
 
+    function timestampToMillis(value) {
+      if (typeof value !== "number" || !Number.isFinite(value) || value <= 0) {
+        return null;
+      }
+      return value < 1000000000000 ? value * 1000 : value;
+    }
+
     function formatShortTime(value) {
       if (!value) {
         return "--:--";
@@ -2528,6 +2536,15 @@ function renderAdminPage() {
         };
       }
 
+      if (profile.authStatus && (profile.authStatus.state === "token_invalidated" || profile.authStatus.state === "auth_error")) {
+        return {
+          supported: false,
+          label: "\u8BA4\u8BC1\u5931\u6548",
+          detail: "\u8D26\u53F7\u8BA4\u8BC1\u5DF2\u5931\u6548\uFF0C\u8BF7\u91CD\u65B0\u767B\u5F55\u540E\u518D\u4F7F\u7528\u56FE\u7247\u751F\u6210\u3002",
+          badgeClass: "red",
+        };
+      }
+
       const planType = getPlanType(profile);
       if (planType === "free") {
         return {
@@ -2546,6 +2563,17 @@ function renderAdminPage() {
       };
     }
 
+    function describeAuthStatus(profile) {
+      const authStatus = profile && profile.authStatus ? profile.authStatus : null;
+      if (!authStatus || authStatus.state === "ok") {
+        return authStatus && authStatus.checkedAt ? "\u6B63\u5E38 \xB7 " + formatTime(authStatus.checkedAt) : "\u6B63\u5E38";
+      }
+
+      const prefix = authStatus.state === "token_invalidated" ? "\u767B\u5F55\u5931\u6548" : "\u8BA4\u8BC1\u5F02\u5E38";
+      const detail = authStatus.code || authStatus.httpStatus ? " (" + (authStatus.code || authStatus.httpStatus) + ")" : "";
+      return prefix + detail + " \xB7 " + formatTime(authStatus.checkedAt);
+    }
+
     function maskEmail(email) {
       if (typeof email !== "string" || email.indexOf("@") === -1) {
         return email || "";
@@ -2664,6 +2692,22 @@ function renderAdminPage() {
 
     function getProfileHealth(profile) {
       const now = Date.now();
+      if (profile && profile.authStatus && profile.authStatus.state === "token_invalidated") {
+        return {
+          key: "invalid",
+          label: "\u767B\u5F55\u5931\u6548",
+          badgeClass: "red",
+          barClass: "red",
+        };
+      }
+      if (profile && profile.authStatus && profile.authStatus.state === "auth_error") {
+        return {
+          key: "invalid",
+          label: "\u8BA4\u8BC1\u5F02\u5E38",
+          badgeClass: "red",
+          barClass: "red",
+        };
+      }
       if (profile && profile.expiresAt && profile.expiresAt <= now) {
         return {
           key: "expired",
@@ -2708,8 +2752,9 @@ function renderAdminPage() {
       const quota = profile.quota;
       const resetAt = slot === "primary" ? quota.primaryResetAt : quota.secondaryResetAt;
       const resetAfter = slot === "primary" ? quota.primaryResetAfterSeconds : quota.secondaryResetAfterSeconds;
-      if (typeof resetAt === "number" && resetAt > 0) {
-        return formatTime(resetAt * 1000);
+      const resetAtMillis = timestampToMillis(resetAt);
+      if (resetAtMillis) {
+        return formatTime(resetAtMillis);
       }
       if (typeof resetAfter === "number" && resetAfter > 0) {
         return formatCompactDuration(resetAfter) + "\u540E";
@@ -2739,11 +2784,13 @@ function renderAdminPage() {
       const quota = profile.quota;
       const resetAt = slot === "primary" ? quota.primaryResetAt : quota.secondaryResetAt;
       const resetAfter = slot === "primary" ? quota.primaryResetAfterSeconds : quota.secondaryResetAfterSeconds;
-      if (typeof resetAt === "number" && resetAt > 0) {
-        return formatCompactDateTime(resetAt * 1000);
+      const resetAtMillis = timestampToMillis(resetAt);
+      if (resetAtMillis) {
+        return formatCompactDateTime(resetAtMillis);
       }
       if (typeof resetAfter === "number" && resetAfter > 0) {
-        return formatCompactDuration(resetAfter) + "\u540E";
+        const capturedAt = timestampToMillis(quota.capturedAt);
+        return capturedAt ? formatCompactDateTime(capturedAt + resetAfter * 1000) : formatCompactDuration(resetAfter) + "\u540E";
       }
       return "\u672A\u77E5";
     }
@@ -3169,6 +3216,9 @@ function renderAdminPage() {
         if (status === "warning" && health.key !== "warning") {
           return false;
         }
+        if (status === "invalid" && health.key !== "invalid") {
+          return false;
+        }
         if (status === "expired" && health.key !== "expired") {
           return false;
         }
@@ -3344,6 +3394,7 @@ function renderAdminPage() {
             ? '<div class="meta-grid">'
               + '<div class="meta-item"><label>\u5957\u9910</label><strong>' + escapeHtml(planType) + "</strong></div>"
               + '<div class="meta-item"><label>\u751F\u56FE\u80FD\u529B</label><strong>' + escapeHtml(imageCapability.detail) + "</strong></div>"
+              + '<div class="meta-item"><label>\u8BA4\u8BC1\u72B6\u6001</label><strong>' + escapeHtml(describeAuthStatus(profile)) + "</strong></div>"
               + '<div class="meta-item"><label>\u989D\u5EA6\u5FEB\u7167</label><strong>' + escapeHtml(describeQuotaSnapshot(profile)) + "</strong></div>"
               + '<div class="meta-item"><label>\u989D\u5EA6\u9650\u5236</label><strong>' + escapeHtml(describeQuotaLimit(profile)) + "</strong></div>"
               + '<div class="meta-item"><label>Account ID</label><code>' + escapeHtml(state.showEmails ? (profile.accountId || "\u672A\u63D0\u4F9B") : maskIdentifier(profile.accountId || "\u672A\u63D0\u4F9B")) + "</code></div>"
@@ -3353,6 +3404,7 @@ function renderAdminPage() {
           +   '<div class="account-actions">'
           +     actionButton
           +     codexButton
+          +     '<button class="btn-secondary" type="button" data-profile-action="sync-quota" data-profile-id="' + escapeHtml(profile.profileId) + '">\u5237\u65B0\u989D\u5EA6</button>'
           +     '<button class="btn-secondary" type="button" data-profile-action="export" data-profile-id="' + escapeHtml(profile.profileId) + '">\u5BFC\u51FA</button>'
           +     '<button class="btn-danger" type="button" data-profile-action="remove" data-profile-id="' + escapeHtml(profile.profileId) + '">\u5220\u9664</button>'
           +   "</div>"
@@ -3862,6 +3914,28 @@ function renderAdminPage() {
         await applyProfileToCodex(profileId, button);
         return;
       }
+      if (action === "sync-quota") {
+        setBusy(button, true);
+        authStatus.textContent = "\u6B63\u5728\u5237\u65B0\u8D26\u53F7\u989D\u5EA6...";
+        try {
+          const config = await fetchJson("/_gateway/admin/profiles/sync-quota", {
+            method: "POST",
+            headers: {
+              "Content-Type": "application/json",
+            },
+            body: formatJson({
+              profileId: profileId,
+            }),
+          });
+          renderConfig(config);
+          authStatus.textContent = "\u989D\u5EA6\u4FE1\u606F\u5DF2\u540C\u6B65\u3002";
+        } catch (error) {
+          authStatus.textContent = error.message;
+        } finally {
+          setBusy(button, false);
+        }
+        return;
+      }
 
       setBusy(button, true);
       authStatus.textContent = action === "activate" ? "\u6B63\u5728\u5207\u6362\u5F53\u524D\u8D26\u53F7..." : "\u6B63\u5728\u5220\u9664\u8D26\u53F7...";
@@ -4285,7 +4359,12 @@ function renderAdminPage() {
       authStatus.textContent = "\u6B63\u5728\u540C\u6B65\u989D\u5EA6\u4E0E\u7248\u672C\u72B6\u6001...";
       refreshConfig({
         syncRuntime: true,
-      }).then(function () {
+      }).then(function (config) {
+        if (config && config.quotaSync) {
+          const sync = config.quotaSync;
+          authStatus.textContent = "\u989D\u5EA6\u4E0E\u7248\u672C\u72B6\u6001\u5DF2\u5237\u65B0: " + String(sync.synced) + "/" + String(sync.total) + " \u4E2A\u8D26\u53F7\u6210\u529F" + (sync.failed ? "\uFF0C" + String(sync.failed) + " \u4E2A\u5931\u8D25" : "") + (sync.skipped ? "\uFF0C" + String(sync.skipped) + " \u4E2A\u767B\u5F55\u5931\u6548\u5DF2\u8DF3\u8FC7" : "") + "\u3002";
+          return;
+        }
         authStatus.textContent = "\u989D\u5EA6\u4E0E\u7248\u672C\u72B6\u6001\u5DF2\u5237\u65B0\u3002";
       }).catch(function (error) {
         authStatus.textContent = error && error.message ? error.message : String(error);

package/dist/server/app.js

@@ -1,11 +1,58 @@
 #!/usr/bin/env node
 import { randomUUID } from "node:crypto";
+import fs from "node:fs/promises";
+import path from "node:path";
+import { fileURLToPath } from "node:url";
 import Fastify from "fastify";
 import cors from "@fastify/cors";
 import { z } from "zod";
 import { createGatewayContext } from "../core/context.js";
 import { requestText } from "../core/providers/http-client.js";
 import { renderAdminPage } from "./admin-page.js";
+const packageRoot = path.dirname(fileURLToPath(new URL("../../package.json", import.meta.url)));
+const adminUiDistDir = path.join(packageRoot, "admin-ui", "dist");
+const adminUiIndexPath = path.join(adminUiDistDir, "index.html");
+const assetContentTypes = {
+  ".css": "text/css; charset=utf-8",
+  ".gif": "image/gif",
+  ".html": "text/html; charset=utf-8",
+  ".ico": "image/x-icon",
+  ".jpg": "image/jpeg",
+  ".jpeg": "image/jpeg",
+  ".js": "text/javascript; charset=utf-8",
+  ".json": "application/json; charset=utf-8",
+  ".map": "application/json; charset=utf-8",
+  ".png": "image/png",
+  ".svg": "image/svg+xml",
+  ".webp": "image/webp"
+};
+async function pathExists(targetPath) {
+  try {
+    await fs.access(targetPath);
+    return true;
+  } catch {
+    return false;
+  }
+}
+function getContentType(filePath) {
+  return assetContentTypes[path.extname(filePath).toLowerCase()] ?? "application/octet-stream";
+}
+async function readAdminUiAsset(assetPath) {
+  const normalized = path.normalize(assetPath).replace(/^(\.\.(\/|\\|$))+/, "");
+  const filePath = path.resolve(adminUiDistDir, normalized);
+  const root = path.resolve(adminUiDistDir);
+  if (!filePath.startsWith(`${root}${path.sep}`)) {
+    return null;
+  }
+  try {
+    return {
+      body: await fs.readFile(filePath),
+      filePath
+    };
+  } catch {
+    return null;
+  }
+}
 const inputPartSchema = z.object({
   type: z.string().optional(),
   text: z.string().optional()
@@ -383,6 +430,7 @@ function serializeProfile(profile) {
     accountId: profile.accountId,
     email: profile.email,
     quota: profile.quota,
+    authStatus: profile.authStatus,
     expiresAt: profile.expires,
     accessTokenPreview: maskSecret(profile.access),
     refreshTokenPreview: maskSecret(profile.refresh)
@@ -395,6 +443,7 @@ function serializeManagedProfile(profile) {
     accountId: profile.accountId,
     email: profile.email,
     quota: profile.quota,
+    authStatus: profile.authStatus,
     expiresAt: profile.expiresAt,
     accessTokenPreview: profile.accessTokenPreview,
     refreshTokenPreview: profile.refreshTokenPreview,
@@ -416,6 +465,10 @@ function getErrorStatusCode(error) {
   if (typeof normalized.statusCode === "number") {
     return normalized.statusCode;
   }
+  const upstreamStatus = normalized.upstreamStatus;
+  if (upstreamStatus === 401 || upstreamStatus === 403) {
+    return upstreamStatus;
+  }
   const message = normalized.message;
   if (message.includes("\u7F3A\u5C11") || message.includes("\u683C\u5F0F\u9519\u8BEF") || message.includes("\u672A\u5185\u7F6E\u6A21\u578B") || message.includes("\u4E0D\u652F\u6301") || message.includes("\u6CA1\u6709\u63D0\u4F9B")) {
     return 400;
@@ -506,9 +559,28 @@ function createApp(params) {
     };
   }
   app.get("/", async (_request, reply) => {
+    if (await pathExists(adminUiIndexPath)) {
+      reply.header("Content-Type", "text/html; charset=utf-8");
+      return fs.readFile(adminUiIndexPath, "utf8");
+    }
     reply.header("Content-Type", "text/html; charset=utf-8");
     return renderAdminPage();
   });
+  app.get("/assets/*", async (request, reply) => {
+    const assetPath = request.params["*"];
+    const asset = await readAdminUiAsset(path.join("assets", assetPath));
+    if (!asset) {
+      reply.code(404);
+      return {
+        error: {
+          type: "not_found",
+          message: "asset not found"
+        }
+      };
+    }
+    reply.header("Content-Type", getContentType(asset.filePath));
+    return asset.body;
+  });
   app.get("/favicon.ico", async (_request, reply) => {
     reply.code(204);
     return "";
@@ -527,15 +599,18 @@ function createApp(params) {
     };
   });
   app.post("/_gateway/admin/runtime-refresh", async (request) => {
-    await Promise.all([
-      ctx.authService.syncActiveProfileQuota("openai-codex", {
+    const [quotaSync] = await Promise.all([
+      ctx.authService.syncAllProfileQuotas("openai-codex", {
         suppressErrors: true
       }),
       ctx.versionService.getVersionStatus({
         force: true
       })
     ]);
-    return buildAdminConfig(request);
+    return {
+      ...await buildAdminConfig(request),
+      quotaSync
+    };
   });
   app.get("/_gateway/admin/config", async (request) => buildAdminConfig(request));
   app.post("/_gateway/admin/login", async (request) => {
@@ -567,8 +642,22 @@ function createApp(params) {
     });
     return buildAdminConfig(request);
   });
-  app.post("/_gateway/admin/profiles/sync-quota", async (request) => {
-    await ctx.authService.syncActiveProfileQuota("openai-codex");
+  app.post("/_gateway/admin/profiles/sync-quota", async (request, reply) => {
+    const parsed = profileActionSchema.partial().safeParse(request.body ?? {});
+    if (!parsed.success) {
+      reply.code(400);
+      return {
+        error: {
+          type: "validation_error",
+          message: parsed.error.issues[0]?.message ?? "\u8BF7\u6C42\u4F53\u683C\u5F0F\u9519\u8BEF"
+        }
+      };
+    }
+    if (parsed.data.profileId) {
+      await ctx.authService.syncProfileQuota(parsed.data.profileId, "openai-codex");
+    } else {
+      await ctx.authService.syncActiveProfileQuota("openai-codex");
+    }
     return buildAdminConfig(request);
   });
   app.post("/_gateway/admin/profiles/remove", async (request, reply) => {

package/docs/DESKTOP_RELEASE.md

@@ -0,0 +1,64 @@
+# AI Zero Token Desktop Release
+
+This project ships the desktop app with Electron. The desktop main process starts the existing local Fastify gateway and loads the React management UI served by that gateway.
+
+## Build Commands
+
+```bash
+npm run build
+```
+
+Builds:
+
+- `admin-ui/dist`: React management UI
+- `dist`: TypeScript gateway, CLI, and Electron main process
+
+```bash
+npm run desktop
+```
+
+Runs the desktop app locally.
+
+```bash
+npm run dist:dir
+```
+
+Creates an unpacked desktop app for the current platform in `release/`.
+
+```bash
+npm run dist:mac
+npm run dist:win
+```
+
+Creates macOS and Windows distributables. macOS builds should be produced on macOS. Windows builds are best produced on Windows CI or a runner with a complete Windows packaging environment.
+
+## Signing
+
+Unsigned builds are suitable for internal testing only. Public commercial distribution should use platform signing:
+
+- macOS: Apple Developer ID Application certificate and notarization.
+- Windows: Authenticode code-signing certificate.
+
+`electron-builder` reads the standard signing environment variables. Configure these in CI instead of committing credentials to the repository.
+
+## Release Artifacts
+
+The packaged output is written to:
+
+```text
+release/
+```
+
+The folder is intentionally ignored by git.
+
+## App Resources
+
+App icon files live in:
+
+```text
+build/icon.png
+build/icon.icns
+build/icon.ico
+```
+
+They are included in Electron packaging and npm packing.