fogact 1.2.0 → 1.2.2

package/bin/web-server.js

@@ -36,18 +36,41 @@ const USER_STATUS_KEY_MAP = {
 const CODE_STATUS_MAP = {
   unused: "unused",
   "未使用": "unused",
-  used: "used",
-  "已使用": "used",
+  "未激活": "unused",
+  active: "active",
+  "活跃": "active",
+  "已激活": "active",
+  used: "active",
+  "已使用": "active",
+  disabled: "disabled",
+  blocked: "disabled",
+  banned: "disabled",
+  "已禁用": "disabled",
+  "禁用": "disabled",
   expired: "expired",
   "已过期": "expired",
 };
 
 const CODE_STATUS_LABEL_MAP = {
-  unused: "未使用",
-  used: "已使用",
+  unused: "未激活",
+  active: "活跃",
+  disabled: "已禁用",
   expired: "已过期",
 };
 
+const HOP_BY_HOP_HEADERS = new Set([
+  "connection",
+  "keep-alive",
+  "proxy-authenticate",
+  "proxy-authorization",
+  "te",
+  "trailer",
+  "transfer-encoding",
+  "upgrade",
+  "host",
+  "content-length",
+]);
+
 // 初始化示例数据
 initializeSampleData();
 
@@ -181,7 +204,7 @@ function normalizeCodeStatus(codeOrStatus, expiresAt) {
 }
 
 function getCodeStatusLabel(status) {
-  return CODE_STATUS_LABEL_MAP[normalizeCodeStatus(status)] || "未使用";
+  return CODE_STATUS_LABEL_MAP[normalizeCodeStatus(status)] || "未激活";
 }
 
 function serializeUser(user) {
@@ -219,30 +242,27 @@ function getActivationPlatforms(serviceKey) {
   return [];
 }
 
-function buildActivationData(serializedCode) {
+function getPublicBaseUrl(req) {
+  const forwardedHost = String(req?.headers?.['x-forwarded-host'] || req?.headers?.host || '').split(',')[0].trim();
+  const publicHost = forwardedHost && !forwardedHost.includes('fogact.fogact.com')
+    ? forwardedHost
+    : 'cliproxy.fogidc.com';
+  const isLocalHost = /^(localhost|127\.0\.0\.1|0\.0\.0\.0|\[?::1\]?)(:\d+)?$/i.test(publicHost);
+  const defaultProtocol = isLocalHost ? 'http' : 'https';
+  const publicProtocol = String(req?.headers?.['x-forwarded-proto'] || defaultProtocol).split(',')[0].trim() || defaultProtocol;
+  return trimTrailingSlash(process.env.FOGACT_PUBLIC_BASE_URL || `${publicProtocol}://${publicHost}`);
+}
+
+function getProxyBaseUrl(req, serviceKey) {
+  const publicBaseUrl = getPublicBaseUrl(req);
+  return serviceKey === "claude" ? publicBaseUrl : `${publicBaseUrl}/v1`;
+}
+
+function buildActivationData(serializedCode, req) {
   const serviceKey = serializedCode.serviceKey;
-  const upstream = loadUpstreamConfig({ configPath: getUpstreamConfigPath() });
-  const serviceConfig = serializedCode.serviceConfig || {};
-  const baseUrl = trimTrailingSlash(
-    serializedCode.baseUrl ||
-    serializedCode.baseURL ||
-    serializedCode.url ||
-    serviceConfig.baseUrl ||
-    serviceConfig.baseURL ||
-    serviceConfig.url ||
-    getServiceBaseUrl(upstream, serviceKey) ||
-    upstream.baseUrl
-  );
-  const apiKey = String(
-    serializedCode.apiKey ||
-    serializedCode.key ||
-    serializedCode.token ||
-    serviceConfig.apiKey ||
-    serviceConfig.key ||
-    serviceConfig.token ||
-    upstream.apiKey ||
-    ""
-  ).trim();
+  const publicBaseUrl = getPublicBaseUrl(req);
+  const baseUrl = getProxyBaseUrl(req, serviceKey);
+  const apiKey = String(serializedCode.code || "").trim();
 
   return {
     code: serializedCode.code,
@@ -253,13 +273,17 @@ function buildActivationData(serializedCode) {
     allowedModels: serializedCode.allowedModels,
     quota: serializedCode.quota,
     expiresAt: serializedCode.expiresAt,
+    proxy: true,
+    publicBaseUrl,
     baseUrl,
     apiKey,
   };
 }
 
-function ensureActivationDataReady(res, activationData) {
-  if (activationData.baseUrl && activationData.apiKey) {
+function ensureProxyReady(res, serviceKey) {
+  const upstream = loadUpstreamConfig({ configPath: getUpstreamConfigPath() });
+  const upstreamUrl = getServiceBaseUrl(upstream, serviceKey) || upstream.baseUrl;
+  if (upstreamUrl && upstream.apiKey) {
     return true;
   }
 
@@ -272,6 +296,125 @@ function ensureActivationDataReady(res, activationData) {
   return false;
 }
 
+function getBearerToken(req) {
+  const auth = String(req.headers.authorization || "");
+  const match = auth.match(/^Bearer\s+(.+)$/i);
+  if (match) return match[1].trim();
+  const apiKey = req.headers["x-api-key"] || req.headers["api-key"];
+  return apiKey ? String(apiKey).trim() : "";
+}
+
+function getProxyCode(token, body) {
+  return String(
+    token ||
+    body?.fogact_code ||
+    body?.activation_code ||
+    ""
+  ).trim();
+}
+
+function getActiveProxyCode(codeValue, serviceKey) {
+  const code = codeDb.getByCode(String(codeValue || "").trim());
+  if (!code) return { ok: false, status: 401, message: "激活码不存在或无效" };
+
+  const serializedCode = serializeCode(code);
+  if (!serviceMatches(serializedCode, serviceKey)) {
+    return { ok: false, status: 403, message: `此激活码不支持 ${normalizeService(serviceKey)}` };
+  }
+  if (serializedCode.status === "disabled") {
+    return { ok: false, status: 403, message: "此激活码已被禁用，无法访问中转" };
+  }
+  if (serializedCode.status === "expired") {
+    return { ok: false, status: 403, message: "激活码已过期" };
+  }
+
+  return { ok: true, code, serializedCode };
+}
+
+function buildProxyHeaders(req, upstreamApiKey, bodyLength) {
+  const headers = {};
+  for (const [name, value] of Object.entries(req.headers)) {
+    const key = name.toLowerCase();
+    if (HOP_BY_HOP_HEADERS.has(key)) continue;
+    if (key === "authorization" || key === "x-api-key" || key === "api-key") continue;
+    headers[name] = value;
+  }
+  headers.authorization = `Bearer ${upstreamApiKey}`;
+  if (bodyLength !== undefined) headers["content-length"] = Buffer.byteLength(bodyLength);
+  return headers;
+}
+
+function sanitizeProxyBody(req, rawBody) {
+  if (!rawBody || !String(req.headers["content-type"] || "").includes("application/json")) {
+    return rawBody;
+  }
+
+  try {
+    const body = JSON.parse(rawBody);
+    if (body && typeof body === "object" && !Array.isArray(body)) {
+      delete body.fogact_code;
+      delete body.activation_code;
+      delete body.api_key;
+      return JSON.stringify(body);
+    }
+  } catch (_error) {
+    return rawBody;
+  }
+
+  return rawBody;
+}
+
+function proxyUpstreamRequest(req, res, serviceKey, code, rawBody) {
+  const upstream = loadUpstreamConfig({ configPath: getUpstreamConfigPath() });
+  const upstreamUrl = getServiceBaseUrl(upstream, serviceKey) || upstream.baseUrl;
+  const upstreamApiKey = upstream.apiKey;
+  if (!upstreamUrl || !upstreamApiKey) {
+    res.writeHead(500, { "Content-Type": "application/json" });
+    res.end(JSON.stringify({ success: false, error: { message: "上游服务未配置完整" } }));
+    return;
+  }
+
+  const upstreamBase = trimTrailingSlash(upstreamUrl);
+  const requestPath = req.url.split("?")[0];
+  const query = req.url.includes("?") ? `?${req.url.split("?").slice(1).join("?")}` : "";
+  const upstreamPath = serviceKey === "claude"
+    ? requestPath
+    : requestPath.replace(/^\/v1(?=\/|$)/, "") || "/";
+  const target = new URL(`${upstreamBase}${upstreamPath}${query}`);
+  const client = target.protocol === "https:" ? https : http;
+  const upstreamBody = sanitizeProxyBody(req, rawBody);
+  const headers = buildProxyHeaders(req, upstreamApiKey, upstreamBody);
+
+  const proxyReq = client.request({
+    protocol: target.protocol,
+    hostname: target.hostname,
+    port: target.port || (target.protocol === "https:" ? 443 : 80),
+    path: `${target.pathname}${target.search}`,
+    method: req.method,
+    headers,
+  }, (proxyRes) => {
+    const responseHeaders = { ...proxyRes.headers };
+    delete responseHeaders["transfer-encoding"];
+    delete responseHeaders.connection;
+    res.writeHead(proxyRes.statusCode || 502, responseHeaders);
+    proxyRes.pipe(res);
+  });
+
+  proxyReq.on("error", (error) => {
+    res.writeHead(502, { "Content-Type": "application/json" });
+    res.end(JSON.stringify({ success: false, error: { message: error.message } }));
+  });
+
+  if (upstreamBody) proxyReq.write(upstreamBody);
+  proxyReq.end();
+
+  codeDb.update(code.id, {
+    status: "active",
+    usedBy: code.usedBy || "proxy-user",
+    lastUsedAt: new Date().toISOString(),
+  });
+}
+
 function trimTrailingSlash(value) {
   return String(value || "").trim().replace(/\/+$/, "");
 }
@@ -392,10 +535,11 @@ function serveStaticFile(filePath, res) {
 
     // For admin panel files, always use no-cache to prevent stale content
     const isAdminFile = filePath.includes('admin-panel');
+    const isUserAsset = filePath.includes(`${path.sep}user${path.sep}assets${path.sep}`);
 
     res.writeHead(200, {
       "Content-Type": contentType,
-      "Cache-Control": (ext === '.html' || isAdminFile)
+      "Cache-Control": (ext === '.html' || isAdminFile || isUserAsset)
         ? 'no-cache, no-store, must-revalidate'
         : 'public, max-age=31536000',
       "Pragma": "no-cache",
@@ -409,7 +553,7 @@ const server = http.createServer((req, res) => {
   // Add CORS headers for external access
   res.setHeader('Access-Control-Allow-Origin', '*');
   res.setHeader('Access-Control-Allow-Methods', 'GET, POST, OPTIONS');
-  res.setHeader('Access-Control-Allow-Headers', 'Content-Type');
+  res.setHeader('Access-Control-Allow-Headers', 'Content-Type, Authorization, X-API-Key, API-Key');
 
   if (req.method === 'OPTIONS') {
     res.writeHead(200);
@@ -420,6 +564,42 @@ const server = http.createServer((req, res) => {
   // Parse URL and remove query string
   let urlPath = req.url.split('?')[0];
 
+  const isCodexProxyPath = urlPath === "/v1" || urlPath.startsWith("/v1/");
+  const isClaudeProxyPath = urlPath.startsWith("/anthropic/") || urlPath === "/v1/messages" || urlPath.startsWith("/v1/messages/");
+  if (req.method !== "OPTIONS" && (isCodexProxyPath || isClaudeProxyPath)) {
+    const serviceKey = isClaudeProxyPath ? "claude" : "codex";
+    let rawBody = "";
+    req.on("data", (chunk) => {
+      rawBody += chunk.toString();
+    });
+    req.on("end", () => {
+      let body = null;
+      if (rawBody && String(req.headers["content-type"] || "").includes("application/json")) {
+        try {
+          body = JSON.parse(rawBody);
+        } catch (_error) {
+          body = null;
+        }
+      }
+
+      const token = getBearerToken(req);
+      const codeValue = getProxyCode(token, body);
+      const codeCheck = getActiveProxyCode(codeValue, serviceKey);
+      if (!codeCheck.ok) {
+        res.writeHead(codeCheck.status, { "Content-Type": "application/json" });
+        res.end(JSON.stringify({ error: { message: codeCheck.message } }));
+        return;
+      }
+
+      proxyUpstreamRequest(req, res, serviceKey, codeCheck.code, rawBody);
+    });
+    req.on("error", () => {
+      res.writeHead(400, { "Content-Type": "application/json" });
+      res.end(JSON.stringify({ error: { message: "请求读取失败" } }));
+    });
+    return;
+  }
+
   // Handle login API
   if (urlPath === "/api/login" && req.method === "POST") {
     let body = '';
@@ -592,17 +772,10 @@ const server = http.createServer((req, res) => {
   }
 
   if (urlPath === "/api/nodes" && req.method === "GET") {
-    const url = new URL(req.url, `http://${req.headers.host}`);
-    const service = getServiceKey(url.searchParams.get("service") || "codex", "codex");
-    const upstream = loadUpstreamConfig({ configPath: getUpstreamConfigPath() });
-    const upstreamUrl = getServiceBaseUrl(upstream, service) || upstream.baseUrl;
-    const publicUrl = `https://${req.headers.host}`.replace(/\/+$/, "");
+    const publicUrl = getPublicBaseUrl(req);
     const nodes = [
       { name: "FogAct", url: publicUrl, region: "Global" },
     ];
-    if (upstreamUrl) {
-      nodes.push({ name: service === "claude" ? "Claude Upstream" : "Codex Upstream", url: upstreamUrl, region: "Upstream" });
-    }
     res.writeHead(200, { 'Content-Type': 'application/json' });
     res.end(JSON.stringify({ success: true, nodes }));
     return;
@@ -933,10 +1106,15 @@ const server = http.createServer((req, res) => {
         return;
       }
 
-      // 检查激活码状态
-      if (normalizeCodeStatus(code) === 'used') {
+      const statusKey = normalizeCodeStatus(code);
+      if (statusKey === 'disabled') {
         res.writeHead(400, { 'Content-Type': 'application/json' });
-        res.end(JSON.stringify({ success: false, message: '激活码已被使用' }));
+        res.end(JSON.stringify({ success: false, message: '此激活码已被禁用，无法激活配置' }));
+        return;
+      }
+      if (statusKey === 'expired') {
+        res.writeHead(400, { 'Content-Type': 'application/json' });
+        res.end(JSON.stringify({ success: false, message: '激活码已过期' }));
         return;
       }
 
@@ -947,15 +1125,15 @@ const server = http.createServer((req, res) => {
         return;
       }
 
-      const activationData = buildActivationData(serializedCode);
-      if (!ensureActivationDataReady(res, activationData)) {
+      const activationData = buildActivationData(serializedCode, req);
+      if (!ensureProxyReady(res, serializedCode.serviceKey)) {
         return;
       }
 
-      // 更新激活码状态
+      // 记录最近一次配置时间；不消费激活码，允许同一个 Key 反复自动配置。
       const updatedCode = codeDb.update(code.id, {
-        status: 'used',
-        usedBy: userId || username || email || 'unknown',
+        status: 'active',
+        usedBy: userId || username || email || code.usedBy || 'unknown',
         lastUsedAt: new Date().toISOString(),
         activatedService: serializedCode.service,
         activatedServiceKey: serializedCode.serviceKey
@@ -973,7 +1151,7 @@ const server = http.createServer((req, res) => {
         success: true,
         message: '激活成功',
         data: {
-          ...buildActivationData(serializeCode(updatedCode)),
+          ...buildActivationData(serializeCode(updatedCode), req),
           activatedAt: updatedCode.lastUsedAt
         }
       }));
@@ -1069,9 +1247,9 @@ const server = http.createServer((req, res) => {
     const totalUsers = users.length;
     const activeUsers = users.filter(u => u.statusKey === 'active').length;
     const totalCodes = codes.length;
-    const usedCodes = codes.filter(c => c.status === 'used').length;
-    const unusedCodes = codes.filter(c => c.status === 'unused').length;
-    const expiredCodes = codes.filter(c => c.status === 'expired').length;
+    const usedCodes = codes.filter(c => normalizeCodeStatus(c) === 'active').length;
+    const unusedCodes = codes.filter(c => normalizeCodeStatus(c) === 'unused').length;
+    const expiredCodes = codes.filter(c => normalizeCodeStatus(c) === 'expired').length;
 
     const stats = {
       totalUsers,
@@ -1171,14 +1349,19 @@ const server = http.createServer((req, res) => {
         }
 
         const serializedCode = serializeCode(code);
-        if (serializedCode.status !== 'unused') {
+        if (serializedCode.status === 'expired') {
           res.writeHead(200, { 'Content-Type': 'application/json' });
-          res.end(JSON.stringify({ success: false, valid: false, message: serializedCode.status === 'expired' ? '激活码已过期' : '激活码已被使用' }));
+          res.end(JSON.stringify({ success: false, valid: false, message: '激活码已过期' }));
+          return;
+        }
+        if (serializedCode.status === 'disabled') {
+          res.writeHead(200, { 'Content-Type': 'application/json' });
+          res.end(JSON.stringify({ success: false, valid: false, message: '此激活码已被禁用，无法激活配置' }));
           return;
         }
 
-        const activationData = buildActivationData(serializedCode);
-        if (!ensureActivationDataReady(res, activationData)) {
+        const activationData = buildActivationData(serializedCode, req);
+        if (!ensureProxyReady(res, serializedCode.serviceKey)) {
           return;
         }
 
@@ -1192,26 +1375,11 @@ const server = http.createServer((req, res) => {
         return;
       }
 
-      if (data.api_key && data.api_key.startsWith('sk-test-')) {
-        res.writeHead(200, { 'Content-Type': 'application/json' });
-        res.end(JSON.stringify({
-          success: true,
-          valid: true,
-          message: '验证成功',
-          data: {
-            username: 'test_user',
-            email: 'test@example.com',
-            service: 'Claude Code'
-          }
-        }));
-        return;
-      }
-
       res.writeHead(200, { 'Content-Type': 'application/json' });
       res.end(JSON.stringify({
         success: false,
         valid: false,
-        message: '验证失败，请检查 API Key 是否正确'
+        message: '请使用 FogAct 激活码验证'
       }));
     }).catch(() => {
       res.writeHead(400, { 'Content-Type': 'application/json' });
@@ -1261,7 +1429,7 @@ const server = http.createServer((req, res) => {
       const codes = codeDb.getAll().filter(c =>
         c.usedBy === username ||
         c.usedBy === user?.username ||
-        c.status === 'used'
+        normalizeCodeStatus(c) === 'active'
       );
       const code = codes[0];
 
@@ -1350,42 +1518,53 @@ const server = http.createServer((req, res) => {
       return;
     }
 
-    // Default response for unhandled user API endpoints
-    res.writeHead(404, { 'Content-Type': 'application/json' });
-    res.end(JSON.stringify({ success: false, message: 'API endpoint not found' }));
-    return;
-  }
 
-  // Proxy requests to configured upstream API for user frontend
-  if (urlPath.startsWith("/proxy/")) {
-    const targetPath = urlPath.replace("/proxy", "");
-    const proxyBaseUrl = trimTrailingSlash(process.env.FOGACT_PROXY_TARGET || readRawUpstreamConfig().baseUrl || "");
-
-    if (!proxyBaseUrl) {
-      res.writeHead(502, { "Content-Type": "application/json" });
-      res.end(JSON.stringify({ success: false, message: "Proxy target is not configured" }));
+    // POST /user/api/v1/batch-info - Validate multiple saved keys
+    if (apiPath === "/batch-info" && req.method === "POST") {
+      parseRequestBody(req).then((data) => {
+        const keys = Array.isArray(data.keys) ? data.keys : [];
+        const now = new Date().toISOString();
+        res.writeHead(200, { 'Content-Type': 'application/json' });
+        res.end(JSON.stringify({
+          success: true,
+          results: keys.map((key, index) => ({
+            id: `fogact-key-${index + 1}`,
+            key_preview: String(key || '').slice(0, 8) || `fogact-${index + 1}`,
+            service_type: String(key || '').toLowerCase().includes('codex') ? 'codex' : 'claude',
+            status: 'active',
+            quota: { total: 100000, used: 0, remaining: 100000, unit: 'tokens' },
+            timestamps: { activated_at: now, last_used_at: null, expires_at: null },
+          })),
+        }));
+      }).catch(() => {
+        res.writeHead(400, { 'Content-Type': 'application/json' });
+        res.end(JSON.stringify({ success: false, message: '请求格式错误' }));
+      });
       return;
     }
 
-    const targetUrl = `${proxyBaseUrl}${targetPath}`;
-
-    const options = {
-      method: req.method,
-      headers: req.headers
-    };
+    // Lightweight fallbacks for optional user center actions.
+    if (apiPath === "/card-bind/info" && req.method === "GET") {
+      res.writeHead(200, { 'Content-Type': 'application/json' });
+      res.end(JSON.stringify({ success: true, data: { parent: null, children: [] } }));
+      return;
+    }
 
-    const proxyReq = https.request(targetUrl, options, (proxyRes) => {
-      res.writeHead(proxyRes.statusCode, proxyRes.headers);
-      proxyRes.pipe(res);
-    });
+    if (["/card-bind/bind", "/card-bind/unbind", "/card-bind/unbind-self", "/card-bind/reorder", "/renew/preview", "/renew/execute", "/quota-pack/redeem-preview", "/quota-pack/redeem"].includes(apiPath)) {
+      res.writeHead(200, { 'Content-Type': 'application/json' });
+      res.end(JSON.stringify({ success: true, data: null, message: '操作已提交' }));
+      return;
+    }
 
-    proxyReq.on('error', (err) => {
-      console.error('Proxy error:', err);
-      res.writeHead(500, { 'Content-Type': 'application/json' });
-      res.end(JSON.stringify({ success: false, message: 'Proxy error' }));
-    });
+    if (apiPath === "/channel-group" && req.method === "PUT") {
+      res.writeHead(200, { 'Content-Type': 'application/json' });
+      res.end(JSON.stringify({ success: true }));
+      return;
+    }
 
-    req.pipe(proxyReq);
+    // Default response for unhandled user API endpoints
+    res.writeHead(404, { 'Content-Type': 'application/json' });
+    res.end(JSON.stringify({ success: false, message: '接口不存在' }));
     return;
   }
 
@@ -1394,8 +1573,12 @@ const server = http.createServer((req, res) => {
     urlPath = "/index.html";
   }
 
-  // Handle /user or /user/ path - serve user dashboard
-  if (urlPath === "/user" || urlPath === "/user/") {
+  // Handle user frontend routes - serve SPA entry for direct navigation.
+  if (
+    urlPath === "/user" ||
+    urlPath === "/user/" ||
+    (urlPath.startsWith("/user/") && !urlPath.startsWith("/user/assets/"))
+  ) {
     urlPath = "/user/index.html";
   }
 
@@ -1482,7 +1665,7 @@ server.listen(PORT, '0.0.0.0', () => {
     let refreshedCount = 0;
 
     for (const code of codes) {
-      if (code.status !== 'used') continue;
+      if (normalizeCodeStatus(code) !== 'active') continue;
 
       const lastRefresh = code.lastQuotaRefresh ? new Date(code.lastQuotaRefresh) : null;
       const lastRefreshDate = lastRefresh

package/frontend/admin/admin-panel-v2.js

@@ -170,8 +170,10 @@ function getUserStatusMeta(user) {
 function getCodeStatusMeta(code) {
   const key = code.status || 'unused';
   const meta = {
-    unused: { label: code.statusLabel || '未使用', className: 'bg-green-50 text-green-700' },
-    used: { label: code.statusLabel || '已使用', className: 'bg-surface-container text-on-surface-variant' },
+    unused: { label: code.statusLabel || '未激活', className: 'bg-amber-50 text-amber-700' },
+    active: { label: code.statusLabel || '活跃', className: 'bg-green-50 text-green-700' },
+    used: { label: code.statusLabel || '活跃', className: 'bg-green-50 text-green-700' },
+    disabled: { label: code.statusLabel || '已禁用', className: 'bg-error-container text-on-error-container' },
     expired: { label: code.statusLabel || '已过期', className: 'bg-error-container text-on-error-container' }
   };
   return meta[key] || meta.unused;
@@ -471,7 +473,7 @@ const Dashboard = {
     const cards = [
       { label: '总用户数', value: stats.totalUsers || 0, icon: 'group', color: 'primary', sub: '全部用户' },
       { label: '活跃用户', value: stats.activeUsers || 0, icon: 'trending_up', color: 'tertiary', sub: '当前活跃状态' },
-      { label: '总激活码', value: stats.totalCodes || 0, icon: 'key', color: 'secondary', sub: `未使用 ${stats.unusedCodes || 0}` },
+      { label: '总激活码', value: stats.totalCodes || 0, icon: 'key', color: 'secondary', sub: `未激活 ${stats.unusedCodes || 0}` },
       { label: '已过期', value: stats.expiredCodes || 0, icon: 'schedule', color: 'error', sub: stats.systemStatus || '运行正常' }
     ];
 
@@ -1102,8 +1104,9 @@ const CodeManagement = {
         <div>
           <label class="block text-sm font-medium text-on-surface mb-2">状态</label>
           <select id="edit-code-status" class="w-full px-4 py-2 bg-surface-container-low border-none rounded-xl text-sm outline-none">
-            <option value="unused" ${code.status === 'unused' ? 'selected' : ''}>未使用</option>
-            <option value="used" ${code.status === 'used' ? 'selected' : ''}>已使用</option>
+            <option value="unused" ${code.status === 'unused' ? 'selected' : ''}>未激活</option>
+            <option value="active" ${code.status === 'active' || code.status === 'used' ? 'selected' : ''}>活跃</option>
+            <option value="disabled" ${code.status === 'disabled' ? 'selected' : ''}>已禁用</option>
             <option value="expired" ${code.status === 'expired' ? 'selected' : ''}>已过期</option>
           </select>
         </div>