iflow-local-proxy 1.0.0

package/src/index.js

@@ -0,0 +1,774 @@
+import express from 'express';
+import fs from 'fs';
+import path from 'path';
+import { fileURLToPath } from 'url';
+import { loadConfig, findConfigPath } from './config.js';
+import { loadCredential, refreshOAuthToken, refreshCookieApiKey, saveCredential, resolveAuthDir } from './auth/credentials.js';
+import { chatCompletions, chatCompletionsStream, listModels, ProxyError } from './iflow/client.js';
+import { mergeWithKnownModels, validateModel } from './iflow/models.js';
+import { anthropicToOpenAI, openAIToAnthropic, anthropicError, AnthropicStreamAdapter } from './anthropic/adapter.js';
+import { CircuitBreaker, RequestThrottler } from './protection/circuit-breaker.js';
+import { startOAuthSession } from './auth/oauth.js';
+
+const __filename = fileURLToPath(import.meta.url);
+const __dirname = path.dirname(__filename);
+const PKG_ROOT = path.join(__dirname, '..');
+
+const app = express();
+app.use(express.json({ limit: '10mb' }));
+
+// ========================
+// 加载配置
+// ========================
+
+const configPath = findConfigPath(path.join(PKG_ROOT, 'config.yaml'));
+const config = loadConfig(configPath);
+const authDir = config['auth-dir'];
+
+// 单账号模式: 只加载一个凭据
+let credential = loadCredential(authDir);
+
+// ========================
+// 防封保护模块
+// ========================
+
+const protectionConfig = config.protection || {};
+const cbConfig = protectionConfig['circuit-breaker'] || {};
+
+const circuitBreaker = new CircuitBreaker({
+  enabled: cbConfig.enabled !== false,
+  pauseDuration: cbConfig['pause-duration'] || 3600,
+  maxConsecutive434: cbConfig['max-consecutive-434'] || 3,
+});
+
+const throttler = new RequestThrottler({
+  minInterval: protectionConfig['min-request-interval'] || 2000,
+  jitterMax: protectionConfig['jitter-max'] || 1000,
+  maxPerMinute: protectionConfig['max-requests-per-minute'] || 20,
+});
+
+const modelWhitelist = protectionConfig['model-whitelist'] || [];
+
+// ========================
+// 快捷方法
+// ========================
+
+function getApiKey() {
+  return credential?.data?.api_key || null;
+}
+
+function getAccountName() {
+  return credential?.data?.email || 'none';
+}
+
+// ========================
+// 统计
+// ========================
+
+const STATS_DIR = path.join(resolveAuthDir(authDir), 'data');
+const STATS_FILE = path.join(STATS_DIR, 'stats.json');
+
+function loadPersistentStats() {
+  try {
+    if (fs.existsSync(STATS_FILE)) {
+      const saved = JSON.parse(fs.readFileSync(STATS_FILE, 'utf-8'));
+      return {
+        totalRequests: saved.totalRequests || 0,
+        totalErrors: saved.totalErrors || 0,
+        totalTokens: saved.totalTokens || { input: 0, output: 0 },
+        startTime: Date.now(),
+        requestsByModel: saved.requestsByModel || {},
+        recentRequests: (saved.recentRequests || []).filter(r => Date.now() - r.timestamp < 7 * 24 * 3600 * 1000),
+      };
+    }
+  } catch {}
+  return { totalRequests: 0, totalErrors: 0, totalTokens: { input: 0, output: 0 }, startTime: Date.now(), requestsByModel: {}, recentRequests: [] };
+}
+
+function saveStatsToDisk() {
+  try {
+    if (!fs.existsSync(STATS_DIR)) fs.mkdirSync(STATS_DIR, { recursive: true });
+    const toSave = {
+      totalRequests: stats.totalRequests,
+      totalErrors: stats.totalErrors,
+      totalTokens: stats.totalTokens,
+      requestsByModel: stats.requestsByModel,
+      recentRequests: stats.recentRequests.slice(-1000),
+    };
+    fs.writeFileSync(STATS_FILE, JSON.stringify(toSave, null, 2));
+  } catch (err) {
+    console.warn('[warn] 保存统计失败:', err.message);
+  }
+}
+
+const stats = loadPersistentStats();
+setInterval(saveStatsToDisk, 60000);
+process.on('exit', saveStatsToDisk);
+process.on('SIGINT', () => { saveStatsToDisk(); process.exit(0); });
+
+if (credential) {
+  console.log(`[info] 已加载账号: ${credential.data.email} (${credential.filename})`);
+} else {
+  console.warn('[warn] 未找到凭据，请通过 API 添加账号后才能使用');
+}
+
+// 定时刷新凭据（每1小时）
+setInterval(async () => {
+  if (!credential) return;
+  try {
+    let success = false;
+    if (credential.data.cookie) {
+      success = await refreshCookieApiKey(credential, authDir);
+    } else if (credential.data.refresh_token) {
+      success = await refreshOAuthToken(credential, authDir);
+    }
+    if (success) {
+      credential = loadCredential(authDir);
+      console.log('[info] 凭据刷新成功');
+    }
+  } catch (err) {
+    console.error(`[error] 凭据刷新异常: ${err.message}`);
+  }
+}, 3600 * 1000);
+
+// 启动时刷新即将过期的凭据
+if (credential) {
+  (async () => {
+    try {
+      const expired = new Date(credential.data.expired).getTime();
+      const leadTime = 47 * 3600 * 1000;
+      if (!isNaN(expired) && Date.now() + leadTime > expired) {
+        let success = false;
+        if (credential.data.cookie) success = await refreshCookieApiKey(credential, authDir);
+        else if (credential.data.refresh_token) success = await refreshOAuthToken(credential, authDir);
+        if (success) credential = loadCredential(authDir);
+      }
+    } catch {}
+  })();
+}
+
+// ========================
+// 模型列表缓存
+// ========================
+
+let modelCache = { data: [], timestamp: 0 };
+const MODEL_CACHE_TTL = 10 * 60 * 1000;
+
+async function getModels() {
+  if (Date.now() - modelCache.timestamp < MODEL_CACHE_TTL && modelCache.data.length > 0) {
+    return modelCache.data;
+  }
+
+  const allModels = new Map();
+  const apiKey = getApiKey();
+  if (apiKey) {
+    try {
+      const resp = await listModels(apiKey);
+      if (resp?.data) {
+        for (const model of resp.data) {
+          allModels.set(model.id, model);
+        }
+      }
+    } catch {}
+  }
+
+  const models = mergeWithKnownModels(Array.from(allModels.values()));
+  modelCache = { data: models, timestamp: Date.now() };
+  console.log(`[info] 模型列表已更新: ${models.length} 个模型`);
+  return models;
+}
+
+getModels().catch(() => {});
+
+// ========================
+// 核心中间件: 防封保护 + 账号检查
+// ========================
+
+async function protectionMiddleware(req, res, next) {
+  // 0. 检查是否有可用账号
+  if (!credential || !getApiKey()) {
+    return res.status(503).json({
+      error: {
+        message: '未配置账号。请先通过 POST /api/account/set-key 或 POST /api/login/oauth 添加凭据',
+        type: 'no_account',
+      },
+    });
+  }
+
+  // 1. 熔断器检查
+  const cbCheck = circuitBreaker.check();
+  if (!cbCheck.allowed) {
+    console.warn(`[protection] 请求被熔断器拒绝: ${cbCheck.reason}`);
+    if (cbCheck.retryAfter) res.set('Retry-After', String(cbCheck.retryAfter));
+    return res.status(503).json({
+      error: {
+        message: `🛡️ 防封保护: ${cbCheck.reason}`,
+        type: 'circuit_breaker',
+      },
+    });
+  }
+
+  // 2. 模型白名单检查
+  const model = req.body?.model;
+  if (model) {
+    const { allowed, suggestion } = validateModel(model, modelWhitelist);
+    if (!allowed) {
+      const msg = suggestion
+        ? `模型 "${model}" 不在白名单中。你是否想用 "${suggestion}"？`
+        : `模型 "${model}" 不在白名单中。可用模型: ${modelWhitelist.join(', ')}`;
+      console.warn(`[protection] 模型被白名单拦截: ${model}`);
+      return res.status(400).json({
+        error: { message: `🛡️ 防封保护: ${msg}`, type: 'model_not_allowed' },
+      });
+    }
+  }
+
+  // 3. 请求节流 (等待或拒绝)
+  const throttleResult = await throttler.waitForSlot();
+  if (!throttleResult.allowed) {
+    if (throttleResult.retryAfter) res.set('Retry-After', String(throttleResult.retryAfter));
+    return res.status(429).json({
+      error: {
+        message: `🛡️ 防封保护: ${throttleResult.reason}`,
+        type: 'throttled',
+      },
+    });
+  }
+
+  if (throttleResult.waited > 100) {
+    console.log(`[protection] 请求已等待 ${throttleResult.waited}ms（节流保护）`);
+  }
+
+  next();
+}
+
+// ========================
+// 路由: GET /
+// ========================
+
+app.get('/', (req, res) => {
+  res.json({
+    name: 'iflow-local-proxy',
+    version: '1.0.0',
+    mode: 'local-only (single-account)',
+    status: circuitBreaker.getStatus().state,
+    account: credential ? {
+      email: credential.data.email,
+      apiKeyPrefix: credential.data.api_key ? credential.data.api_key.substring(0, 12) + '...' : '',
+      expired: credential.data.expired,
+    } : null,
+    protection: {
+      circuitBreaker: circuitBreaker.getStatus(),
+      throttler: throttler.getStatus(),
+      modelWhitelist: modelWhitelist.length > 0 ? modelWhitelist : 'disabled',
+    },
+  });
+});
+
+// ========================
+// 路由: GET /v1/models
+// ========================
+
+app.get('/v1/models', async (req, res) => {
+  try {
+    const models = await getModels();
+    const filtered = modelWhitelist.length > 0
+      ? models.filter(m => modelWhitelist.includes(m.id))
+      : models;
+    res.json({ object: 'list', data: filtered });
+  } catch (err) {
+    res.status(500).json({ error: { message: err.message, type: 'server_error' } });
+  }
+});
+
+// ========================
+// 路由: POST /v1/messages/count_tokens (Anthropic)
+// ========================
+
+app.post('/v1/messages/count_tokens', (req, res) => {
+  const body = req.body;
+  let totalChars = 0;
+
+  if (body.system) {
+    if (typeof body.system === 'string') totalChars += body.system.length;
+    else if (Array.isArray(body.system)) {
+      for (const block of body.system) {
+        if (block.type === 'text') totalChars += (block.text || '').length;
+      }
+    }
+  }
+
+  for (const msg of body.messages || []) {
+    if (typeof msg.content === 'string') totalChars += msg.content.length;
+    else if (Array.isArray(msg.content)) {
+      for (const block of msg.content) {
+        if (block.type === 'text') totalChars += (block.text || '').length;
+        else if (block.type === 'thinking') totalChars += (block.thinking || '').length;
+        else if (block.type === 'tool_use') totalChars += JSON.stringify(block.input || {}).length;
+        else if (block.type === 'tool_result') {
+          if (typeof block.content === 'string') totalChars += block.content.length;
+          else if (Array.isArray(block.content)) {
+            for (const b of block.content) { if (b.type === 'text') totalChars += (b.text || '').length; }
+          }
+        }
+      }
+    }
+  }
+
+  if (body.tools?.length) totalChars += JSON.stringify(body.tools).length;
+
+  res.json({ input_tokens: Math.ceil(totalChars / 3) });
+});
+
+// ========================
+// 路由: POST /v1/messages (Anthropic)
+// ========================
+
+app.post('/v1/messages', protectionMiddleware, async (req, res) => {
+  const anthropicReq = req.body;
+  const model = anthropicReq.model;
+  const isStream = anthropicReq.stream === true;
+  const apiKey = getApiKey();
+
+  console.log(`[info] Anthropic ${isStream ? 'Stream' : 'Non-stream'} | model=${model} | account=${getAccountName()}`);
+
+  stats.totalRequests++;
+  stats.requestsByModel[model] = (stats.requestsByModel[model] || 0) + 1;
+  const requestRecord = { timestamp: Date.now(), model, inputTokens: 0, outputTokens: 0 };
+  stats.recentRequests.push(requestRecord);
+  if (stats.recentRequests.length > 2000) stats.recentRequests = stats.recentRequests.slice(-1000);
+
+  let openaiBody;
+  try {
+    openaiBody = anthropicToOpenAI(anthropicReq);
+  } catch (err) {
+    return res.status(400).json(anthropicError(400, `Request conversion error: ${err.message}`));
+  }
+
+  try {
+    if (isStream) {
+      await handleAnthropicStream(apiKey, openaiBody, model, res, requestRecord);
+    } else {
+      await handleAnthropicNonStream(apiKey, openaiBody, model, res, requestRecord);
+    }
+    circuitBreaker.onSuccess();
+  } catch (err) {
+    handleUpstreamError(err, model);
+    handleAnthropicError(err, res);
+  }
+});
+
+async function handleAnthropicNonStream(apiKey, openaiBody, model, res, requestRecord) {
+  openaiBody.stream = false;
+  const result = await chatCompletions(apiKey, openaiBody);
+  const anthropicResp = openAIToAnthropic(result, model);
+  if (result.usage && requestRecord) {
+    requestRecord.inputTokens = result.usage.prompt_tokens || 0;
+    requestRecord.outputTokens = result.usage.completion_tokens || 0;
+    stats.totalTokens.input += requestRecord.inputTokens;
+    stats.totalTokens.output += requestRecord.outputTokens;
+  }
+  res.json(anthropicResp);
+}
+
+async function handleAnthropicStream(apiKey, openaiBody, model, res, requestRecord) {
+  openaiBody.stream = true;
+  const upstream = await chatCompletionsStream(apiKey, openaiBody);
+
+  res.setHeader('Content-Type', 'text/event-stream');
+  res.setHeader('Cache-Control', 'no-cache');
+  res.setHeader('Connection', 'keep-alive');
+  res.setHeader('X-Accel-Buffering', 'no');
+
+  const adapter = new AnthropicStreamAdapter(res, model);
+  const reader = upstream.body.getReader();
+  const decoder = new TextDecoder();
+
+  try {
+    while (true) {
+      const { done, value } = await reader.read();
+      if (done) break;
+      adapter.feed(decoder.decode(value, { stream: true }));
+    }
+    adapter.flush();
+  } catch (err) {
+    console.error(`[error] Anthropic 流式传输中断: ${err.message}`);
+  } finally {
+    if (requestRecord) {
+      requestRecord.inputTokens = adapter.inputTokens || 0;
+      requestRecord.outputTokens = adapter.outputTokens || 0;
+      stats.totalTokens.input += requestRecord.inputTokens;
+      stats.totalTokens.output += requestRecord.outputTokens;
+    }
+    res.end();
+  }
+}
+
+function handleAnthropicError(err, res) {
+  if (res.headersSent) return;
+  if (err instanceof ProxyError) {
+    const status = err.status || 500;
+    res.status(status).json(anthropicError(status, err.body || err.message));
+  } else {
+    res.status(500).json(anthropicError(500, 'Internal server error'));
+  }
+}
+
+// ========================
+// 路由: POST /v1/chat/completions (OpenAI)
+// ========================
+
+app.post('/v1/chat/completions', protectionMiddleware, async (req, res) => {
+  const body = req.body;
+  const model = body.model;
+  const isStream = body.stream === true;
+  const apiKey = getApiKey();
+
+  console.log(`[info] OpenAI ${isStream ? 'Stream' : 'Non-stream'} | model=${model} | account=${getAccountName()}`);
+
+  stats.totalRequests++;
+  stats.requestsByModel[model] = (stats.requestsByModel[model] || 0) + 1;
+  const requestRecord = { timestamp: Date.now(), model, inputTokens: 0, outputTokens: 0 };
+  stats.recentRequests.push(requestRecord);
+  if (stats.recentRequests.length > 2000) stats.recentRequests = stats.recentRequests.slice(-1000);
+
+  try {
+    if (isStream) {
+      await handleStream(apiKey, body, model, res, requestRecord);
+    } else {
+      await handleNonStream(apiKey, body, model, res, requestRecord);
+    }
+    circuitBreaker.onSuccess();
+  } catch (err) {
+    handleUpstreamError(err, model);
+    handleError(err, res);
+  }
+});
+
+async function handleNonStream(apiKey, body, model, res, requestRecord) {
+  const result = await chatCompletions(apiKey, body);
+  if (result.usage && requestRecord) {
+    requestRecord.inputTokens = result.usage.prompt_tokens || 0;
+    requestRecord.outputTokens = result.usage.completion_tokens || 0;
+    stats.totalTokens.input += requestRecord.inputTokens;
+    stats.totalTokens.output += requestRecord.outputTokens;
+  }
+  res.json(result);
+}
+
+async function handleStream(apiKey, body, model, res, requestRecord) {
+  const upstream = await chatCompletionsStream(apiKey, body);
+
+  res.setHeader('Content-Type', 'text/event-stream');
+  res.setHeader('Cache-Control', 'no-cache');
+  res.setHeader('Connection', 'keep-alive');
+  res.setHeader('X-Accel-Buffering', 'no');
+
+  const reader = upstream.body.getReader();
+  const decoder = new TextDecoder();
+  let lastUsage = null;
+
+  try {
+    while (true) {
+      const { done, value } = await reader.read();
+      if (done) break;
+      const chunk = decoder.decode(value, { stream: true });
+      res.write(chunk);
+
+      const lines = chunk.split('\n');
+      for (const line of lines) {
+        const trimmed = line.startsWith('data:') ? line.slice(5).trim() : null;
+        if (!trimmed || trimmed === '[DONE]') continue;
+        try {
+          const parsed = JSON.parse(trimmed);
+          if (parsed.usage) lastUsage = parsed.usage;
+        } catch {}
+      }
+    }
+  } catch (err) {
+    console.error(`[error] 流式传输中断: ${err.message}`);
+  } finally {
+    if (lastUsage && requestRecord) {
+      requestRecord.inputTokens = lastUsage.prompt_tokens || 0;
+      requestRecord.outputTokens = lastUsage.completion_tokens || 0;
+      stats.totalTokens.input += requestRecord.inputTokens;
+      stats.totalTokens.output += requestRecord.outputTokens;
+    }
+    res.end();
+  }
+}
+
+// ========================
+// 上游错误处理 + 熔断器联动
+// ========================
+
+function handleUpstreamError(err, model) {
+  stats.totalErrors++;
+  if (err instanceof ProxyError) {
+    console.error(`[error] iFlow 上游错误: ${err.status} | model=${model} | account=${getAccountName()}`);
+
+    // 434 = AK blocked → 触发熔断器
+    if (err.status === 434) {
+      console.error(`[ALERT] ⚠️ 收到 434 (AK blocked)！账号: ${getAccountName()}`);
+      circuitBreaker.on434(getAccountName());
+    }
+  }
+}
+
+function handleError(err, res) {
+  if (res.headersSent) return;
+  if (err instanceof ProxyError) {
+    try {
+      const body = JSON.parse(err.body);
+      res.status(err.status).json(body);
+    } catch {
+      res.status(err.status).json({ error: { message: err.body, type: 'upstream_error' } });
+    }
+  } else {
+    res.status(500).json({ error: { message: 'Internal server error', type: 'server_error' } });
+  }
+}
+
+// ========================
+// 管理 API
+// ========================
+
+// 状态概览
+app.get('/api/status', (req, res) => {
+  const uptime = Math.floor((Date.now() - stats.startTime) / 1000);
+  res.json({
+    uptime,
+    mode: 'local-only (single-account)',
+    totalRequests: stats.totalRequests,
+    totalErrors: stats.totalErrors,
+    totalTokens: stats.totalTokens,
+    protection: {
+      circuitBreaker: circuitBreaker.getStatus(),
+      throttler: throttler.getStatus(),
+      modelWhitelist: modelWhitelist.length > 0 ? `${modelWhitelist.length} models` : 'disabled',
+    },
+    account: credential ? {
+      filename: credential.filename,
+      email: credential.data.email,
+      type: credential.data.cookie ? 'cookie' : (credential.data.refresh_token ? 'oauth' : 'api-key'),
+      expired: credential.data.expired,
+      lastRefresh: credential.data.last_refresh,
+      apiKeyPrefix: credential.data.api_key ? credential.data.api_key.substring(0, 12) + '...' : '',
+    } : null,
+    requestsByModel: stats.requestsByModel,
+  });
+});
+
+// 熔断器管理
+app.get('/api/circuit-breaker', (req, res) => {
+  res.json(circuitBreaker.getStatus());
+});
+
+app.post('/api/circuit-breaker/reset', (req, res) => {
+  circuitBreaker.reset();
+  res.json({ success: true, message: '熔断器已重置', status: circuitBreaker.getStatus() });
+});
+
+// OAuth 登录 (会覆盖当前账号)
+const oauthSessions = new Map();
+
+app.post('/api/login/oauth', async (req, res) => {
+  try {
+    const { sessionId, authUrl, session, promise } = await startOAuthSession(authDir);
+    oauthSessions.set(sessionId, { session, promise });
+
+    promise.then(() => {
+      // 清除其他凭据文件，只保留最新的
+      const dir = resolveAuthDir(authDir);
+      const files = fs.readdirSync(dir)
+        .filter(f => f.startsWith('iflow-') && f.endsWith('.json'))
+        .sort()
+        .reverse();
+      // 保留最新的那个，删除其余
+      for (let i = 1; i < files.length; i++) {
+        try { fs.unlinkSync(path.join(dir, files[i])); } catch {}
+      }
+      credential = loadCredential(authDir);
+      setTimeout(() => oauthSessions.delete(sessionId), 30000);
+    });
+
+    res.json({ sessionId, authUrl, message: '请在浏览器中打开 authUrl 完成登录（将覆盖当前账号）' });
+  } catch (err) {
+    if (err.code === 'EADDRINUSE') {
+      return res.status(409).json({ error: '回调端口 11451 被占用' });
+    }
+    res.status(500).json({ error: err.message });
+  }
+});
+
+app.get('/api/login/oauth/:sessionId', (req, res) => {
+  const entry = oauthSessions.get(req.params.sessionId);
+  if (!entry) return res.json({ status: 'not_found' });
+  res.json({ status: entry.session.status, result: entry.session.result });
+});
+
+// 设置 API Key (覆盖当前账号)
+app.post('/api/account/set-key', (req, res) => {
+  const { apiKey, name } = req.body;
+  if (!apiKey) return res.status(400).json({ error: '需要提供 apiKey' });
+
+  // 清除旧凭据文件
+  const dir = resolveAuthDir(authDir);
+  if (fs.existsSync(dir)) {
+    const oldFiles = fs.readdirSync(dir).filter(f => f.startsWith('iflow-') && f.endsWith('.json'));
+    for (const f of oldFiles) {
+      try { fs.unlinkSync(path.join(dir, f)); } catch {}
+    }
+  }
+
+  const timestamp = Math.floor(Date.now() / 1000);
+  const filename = `iflow-${name || 'account'}-${timestamp}.json`;
+  saveCredential(authDir, filename, {
+    access_token: '', refresh_token: '',
+    last_refresh: new Date().toISOString(),
+    expired: new Date(Date.now() + 365 * 24 * 3600 * 1000).toISOString(),
+    api_key: apiKey,
+    email: name || 'account',
+    token_type: '', scope: '', cookie: '',
+    type: 'iflow', disabled: false,
+  });
+  credential = loadCredential(authDir);
+
+  // 同时重置熔断器（新 Key 应该是干净的）
+  circuitBreaker.reset();
+
+  console.log(`[info] API Key 已设置: ${name || 'account'} -> ${filename}`);
+  res.json({ success: true, filename, message: '已设置新 API Key，熔断器已重置' });
+});
+
+// Cookie 登录 (覆盖当前账号)
+app.post('/api/account/set-cookie', async (req, res) => {
+  const { cookie, name } = req.body;
+  if (!cookie) return res.status(400).json({ error: '请输入 Cookie' });
+
+  const match = cookie.match(/BXAuth=([^;]+)/);
+  if (!match) return res.status(400).json({ error: 'Cookie 中未找到 BXAuth 字段' });
+  const cleanCookie = `BXAuth=${match[1]};`;
+
+  try {
+    const apiResp = await fetch('https://platform.iflow.cn/api/openapi/apikey', {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/json', 'Cookie': cleanCookie },
+      body: JSON.stringify({ name: name || 'iflow-proxy' }),
+    });
+    if (!apiResp.ok) return res.status(apiResp.status).json({ error: `API Key 获取失败: ${apiResp.status}` });
+
+    const result = await apiResp.json();
+    const apiKey = result.data?.apiKey;
+    if (!apiKey) return res.status(500).json({ error: '返回数据中未找到 apiKey' });
+
+    // 清除旧凭据
+    const dir = resolveAuthDir(authDir);
+    if (fs.existsSync(dir)) {
+      const oldFiles = fs.readdirSync(dir).filter(f => f.startsWith('iflow-') && f.endsWith('.json'));
+      for (const f of oldFiles) {
+        try { fs.unlinkSync(path.join(dir, f)); } catch {}
+      }
+    }
+
+    const timestamp = Math.floor(Date.now() / 1000);
+    const filename = `iflow-${name || 'cookie'}-${timestamp}.json`;
+    saveCredential(authDir, filename, {
+      access_token: '', refresh_token: '',
+      last_refresh: new Date().toISOString(),
+      expired: new Date(Date.now() + 48 * 3600 * 1000).toISOString(),
+      api_key: apiKey, email: name || 'cookie-user',
+      token_type: '', scope: '', cookie: cleanCookie,
+      type: 'iflow', disabled: false,
+    });
+    credential = loadCredential(authDir);
+    circuitBreaker.reset();
+    res.json({ success: true, email: name || 'cookie-user', filename });
+  } catch (err) {
+    res.status(500).json({ error: err.message });
+  }
+});
+
+// 手动刷新当前凭据
+app.post('/api/account/refresh', async (req, res) => {
+  if (!credential) return res.status(404).json({ error: '未找到账号' });
+
+  let success = false;
+  if (credential.data.cookie) {
+    success = await refreshCookieApiKey(credential, authDir);
+  } else if (credential.data.refresh_token) {
+    success = await refreshOAuthToken(credential, authDir);
+  } else {
+    return res.status(400).json({ error: '该账号没有可用的刷新方式（纯 API Key 无法刷新）' });
+  }
+
+  if (success) {
+    credential = loadCredential(authDir);
+    res.json({ success: true, email: credential?.data.email, expired: credential?.data.expired });
+  } else {
+    res.status(500).json({ error: '刷新失败' });
+  }
+});
+
+// 查看当前账号
+app.get('/api/account', (req, res) => {
+  if (!credential) return res.json({ account: null });
+  res.json({
+    account: {
+      filename: credential.filename,
+      email: credential.data.email,
+      type: credential.data.cookie ? 'cookie' : (credential.data.refresh_token ? 'oauth' : 'api-key'),
+      expired: credential.data.expired,
+      lastRefresh: credential.data.last_refresh,
+      apiKeyPrefix: credential.data.api_key ? credential.data.api_key.substring(0, 12) + '...' : '',
+    },
+  });
+});
+
+// 删除当前账号
+app.delete('/api/account', (req, res) => {
+  if (!credential) return res.status(404).json({ error: '无账号' });
+  const dir = resolveAuthDir(authDir);
+  try {
+    fs.unlinkSync(path.join(dir, credential.filename));
+  } catch {}
+  credential = null;
+  res.json({ success: true, message: '账号已删除' });
+});
+
+// ========================
+// 启动服务 (仅绑定 127.0.0.1)
+// ========================
+
+const port = parseInt(process.env.IFLOW_PORT, 10) || config.port || 8318;
+const HOST = '127.0.0.1';
+
+app.listen(port, HOST, () => {
+  console.log('');
+  console.log('╔══════════════════════════════════════════════════════════╗');
+  console.log('║         iFlow Local Proxy - 本地安全反代                 ║');
+  console.log('║                  单账号模式                              ║');
+  console.log('╠══════════════════════════════════════════════════════════╣');
+  console.log(`║  地址: http://${HOST}:${port}                            ║`);
+  console.log('║  模式: 仅本地 (127.0.0.1) · 单账号                      ║');
+  console.log('╠══════════════════════════════════════════════════════════╣');
+  console.log('║  防封保护:                                               ║');
+  console.log(`║  ├─ 熔断器: ${circuitBreaker.enabled ? '✅' : '❌'}  (434 自动熔断)                       ║`);
+  console.log(`║  ├─ 请求间隔: ${throttler.minInterval}ms + ${throttler.jitterMax}ms 抖动                ║`);
+  console.log(`║  ├─ 频率上限: ${throttler.maxPerMinute} 次/分钟                          ║`);
+  console.log(`║  └─ 模型白名单: ${modelWhitelist.length > 0 ? modelWhitelist.length + ' 个模型' : '未启用'}                        ║`);
+  console.log('╠══════════════════════════════════════════════════════════╣');
+  console.log(`║  账号: ${credential ? credential.data.email : '⚠️  未配置'}${' '.repeat(Math.max(0, 43 - (credential ? credential.data.email.length : 7)))}║`);
+  console.log('╠══════════════════════════════════════════════════════════╣');
+  console.log('║  端点:                                                   ║');
+  console.log('║  ├─ GET  /v1/models                                      ║');
+  console.log('║  ├─ POST /v1/chat/completions     (OpenAI)               ║');
+  console.log('║  ├─ POST /v1/messages             (Anthropic)            ║');
+  console.log('║  ├─ POST /api/account/set-key     (设置 API Key)         ║');
+  console.log('║  ├─ GET  /api/status              (状态)                 ║');
+  console.log('║  └─ POST /api/circuit-breaker/reset (重置熔断器)         ║');
+  console.log('╚══════════════════════════════════════════════════════════╝');
+  console.log('');
+  console.log(`[info] 配置文件: ${configPath}`);
+  console.log(`[info] 凭据目录: ${resolveAuthDir(authDir)}`);
+});