User Module¶
Feature Description
The interface prefix is uniformly http(s)://<your-domain>
HTTPS should be used in production environments to secure authentication tokens. HTTP is only recommended for development environments.
The core user management system implements a four-level permission structure (Public/User/Admin/Root) and complete user lifecycle management. It includes features such as registration/login, personal profile, Token management, top-up/payment, and an affiliate system. It supports 2FA, email verification, and various OAuth login methods.
Account Registration/Login¶
🔐 No Authentication Required¶
Register New Account¶
- Interface Name:Register New Account
- HTTP Method:POST
- Path:
/api/user/register - Authentication Requirement:Public
- Function Description:Creates a new user account, supporting email verification and referral code functionality
💡 Request Example:
const response = await fetch('/api/user/register', {
method: 'POST',
headers: {
'Content-Type': 'application/json'
},
body: JSON.stringify({
username: "newuser",
password: "password123",
email: "user@example.com",
verification_code: "123456",
aff_code: "INVITE123"
})
});
const data = await response.json();
✅ Successful Response Example:
❗ Failure Response Example:
🧾 Field Description:
username(String): Username, requiredpassword(String): Password, requiredemail(String): Email address, required when email verification is enabledverification_code(String): Email verification code, required when email verification is enabledaff_code(String): Referral code, optional
User Login¶
- Interface Name:User Login
- HTTP Method:POST
- Path:
/api/user/login - Authentication Requirement:Public
- Function Description:User account login, supporting Two-Factor Authentication (2FA)
💡 Request Example:
const response = await fetch('/api/user/login', {
method: 'POST',
headers: {
'Content-Type': 'application/json'
},
body: JSON.stringify({
username: "testuser",
password: "password123"
})
});
const data = await response.json();
✅ Successful Response Example (No 2FA):
{
"success": true,
"message": "登录成功",
"data": {
"token": "user_access_token",
"user": {
"id": 1,
"username": "testuser",
"role": 1,
"quota": 1000000
}
}
}
✅ Successful Response Example (2FA Required):
❗ Failure Response Example:
🧾 Field Description:
username(String): Username, requiredpassword(String): Password, requiredrequire_2fa(Boolean): Whether two-factor authentication is required
Epay Payment Notification¶
- Interface Name:Epay Payment Notification
- HTTP Method:GET
- Path:
/api/user/epay/notify - Authentication Requirement:Public
- Function Description:Handles payment callback notifications from the Epay system
💡 Request Example:
_// 通常由支付系统自动回调,前端无需主动调用 _
_// 示例URL: /api/user/epay/notify?trade_no=USR1NO123456&money=10.00&trade_status=TRADE_SUCCESS_
✅ Successful Response Example:
❗ Failure Response Example:
🧾 Field Description:
trade_no(String): Transaction order numbermoney(String): Payment amounttrade_status(String): Transaction statussign(String): Signature verification
List All Groups (Unauthenticated Version)¶
- Interface Name:List All Groups
- HTTP Method:GET
- Path:
/api/user/groups - Authentication Requirement:Public
- Function Description:Retrieves information about all user groups in the system, accessible without login
💡 Request Example:
const response = await fetch('/api/user/groups', {
method: 'GET',
headers: {
'Content-Type': 'application/json'
}
});
const data = await response.json();
✅ Successful Response Example:
{
"success": true,
"message": "",
"data": {
"default": {
"ratio": 1.0,
"desc": "默认分组"
},
"vip": {
"ratio": 0.8,
"desc": "VIP分组"
},
"auto": {
"ratio": "自动",
"desc": "自动选择最优分组"
}
}
}
❗ Failure Response Example:
🧾 Field Description:
data (Object): Group information mapping
- Key (String): Group name
ratio(Number/String): Group Ratio, "自动" (auto) means automatic selectiondesc(String): Group description
🔐 User Authentication Required¶
Logout¶
- Interface Name:Logout
- HTTP Method:GET
- Path:
/api/user/logout - Authentication Requirement:User
- Function Description:Clears the user session and logs out
💡 Request Example:
const response = await fetch('/api/user/logout', {
method: 'GET',
headers: {
'Content-Type': 'application/json',
'Authorization': 'Bearer your_user_token',
'New-Api-User': 'your_user_id'
}
});
const data = await response.json();
✅ Successful Response Example:
❗ Failure Response Example:
🧾 Field Description:
No request parameters
User Self-Service Operations¶
🔐 User Authentication Required¶
Get Current User's Groups¶
- Interface Name:Get Current User's Groups
- HTTP Method:GET
- Path:
/api/user/self/groups - Authentication Requirement:User
- Function Description:Retrieves the group information available to the currently logged-in user, including group Ratio and description
💡 Request Example:
const response = await fetch('/api/user/self/groups', {
method: 'GET',
headers: {
'Content-Type': 'application/json',
'Authorization': 'Bearer your_user_token',
'New-Api-User': 'your_user_id'
}
});
const data = await response.json();
✅ Successful Response Example:
{
"success": true,
"message": "",
"data": {
"default": {
"ratio": 1.0,
"desc": "默认分组"
},
"vip": {
"ratio": 0.8,
"desc": "VIP分组"
},
"auto": {
"ratio": "自动",
"desc": "自动选择最优分组"
}
}
}
❗ Failure Response Example:
🧾 Field Description:
data (Object): User available group information mapping group.go:25-48
- Key (String): Group name
ratio(Number/String): Group Ratio, "自动" (auto) means automatically selecting the optimal groupdesc(String): Group description
Get Personal Profile¶
- Interface Name:Get Personal Profile
- HTTP Method:GET
- Path:
/api/user/self - Authentication Requirement:User
- Function Description:Retrieves the current user's detailed information, including permissions, Quota, settings, etc.
💡 Request Example:
const response = await fetch('/api/user/self', {
method: 'GET',
headers: {
'Content-Type': 'application/json',
'Authorization': 'Bearer your_user_token',
'New-Api-User': 'your_user_id'
}
});
const data = await response.json();
✅ Successful Response Example:
{
"success": true,
"message": "",
"data": {
"id": 1,
"username": "testuser",
"display_name": "Test User",
"role": 1,
"status": 1,
"email": "user@example.com",
"group": "default",
"quota": 1000000,
"used_quota": 50000,
"request_count": 100,
"aff_code": "ABC123",
"aff_count": 5,
"aff_quota": 10000,
"aff_history_quota": 50000,
"inviter_id": 0,
"linux_do_id": "",
"setting": "{}",
"stripe_customer": "",
"sidebar_modules": "{\"chat\":{\"enabled\":true}}",
"permissions": {
"can_view_logs": true,
"can_manage_tokens": true
}
}
}
❗ Failure Response Example:
🧾 Field Description:
id(Number): User IDusername(String): Usernamedisplay_name(String): Display namerole(Number): User role, 1=Normal User, 10=Admin, 100=Root Userstatus(Number): User status, 1=Normal, 2=Disabledemail(String): Email addressgroup(String): Assigned Groupquota(Number): Total Quotaused_quota(Number): Used Quotarequest_count(Number): Request Countaff_code(String): Affiliate Codeaff_count(Number): Affiliate Countaff_quota(Number): Affiliate Reward Quotaaff_history_quota(Number): Historical Affiliate Quotainviter_id(Number): Inviter IDlinux_do_id(String): LinuxDo Account IDsetting(String): User settings JSON stringstripe_customer(String): Stripe Customer IDsidebar_modules(String): Sidebar module configuration JSON stringpermissions(Object): User permissions information
Get Model Visibility¶
- Interface Name:Get Model Visibility
- HTTP Method:GET
- Path:
/api/user/models - Authentication Requirement:User
- Function Description:Retrieves the list of AI models accessible to the current user
💡 Request Example:
const response = await fetch('/api/user/models', {
method: 'GET',
headers: {
'Content-Type': 'application/json',
'Authorization': 'Bearer your_user_token',
'New-Api-User': 'your_user_id'
}
});
const data = await response.json();
✅ Successful Response Example:
{
"success": true,
"message": "",
"data": [
"gpt-3.5-turbo",
"gpt-4",
"claude-3-sonnet",
"claude-3-haiku"
]
}
❗ Failure Response Example:
🧾 Field Description:
data (Array): List of model names accessible to the user
Modify Personal Profile¶
- Interface Name:Modify Personal Profile
- HTTP Method:PUT
- Path:
/api/user/self - Authentication Requirement:User
- Function Description:Updates user personal information or sidebar settings
💡 Request Example (Update Personal Information):
const response = await fetch('/api/user/self', {
method: 'PUT',
headers: {
'Content-Type': 'application/json',
'Authorization': 'Bearer your_user_token',
'New-Api-User': 'your_user_id'
},
body: JSON.stringify({
display_name: "New Display Name",
email: "newemail@example.com"
})
});
const data = await response.json();
💡 Request Example (Update Sidebar Settings):
const response = await fetch('/api/user/self', {
method: 'PUT',
headers: {
'Content-Type': 'application/json',
'Authorization': 'Bearer your_user_token',
'New-Api-User': 'your_user_id'
},
body: JSON.stringify({
sidebar_modules: JSON.stringify({
chat: { enabled: true, playground: true },
console: { enabled: true, token: true }
})
})
});
const data = await response.json();
✅ Successful Response Example:
❗ Failure Response Example:
🧾 Field Description:
display_name(String): Display name, optionalemail(String): Email address, optionalpassword(String): New password, optionalsidebar_modules(String): Sidebar module configuration JSON string, optional
Delete Account¶
- Interface Name:Delete Account
- HTTP Method:DELETE
- Path:
/api/user/self - Authentication Requirement:User
- Function Description:Deletes the current user account. Root users cannot be deleted
💡 Request Example:
const response = await fetch('/api/user/self', {
method: 'DELETE',
headers: {
'Content-Type': 'application/json',
'Authorization': 'Bearer your_user_token',
'New-Api-User': 'your_user_id'
}
});
const data = await response.json();
✅ Successful Response Example:
❗ Failure Response Example:
🧾 Field Description:
No request parameters
Generate User-Level Access Token¶
- Interface Name:Generate User-Level Access Token
- HTTP Method:GET
- Path:
/api/user/token - Authentication Requirement:User
- Function Description:Generates a new access Token for the current user, used for API calls
💡 Request Example:
const response = await fetch('/api/user/token', {
method: 'GET',
headers: {
'Content-Type': 'application/json',
'Authorization': 'Bearer your_user_token',
'New-Api-User': 'your_user_id'
}
});
const data = await response.json();
✅ Successful Response Example:
❗ Failure Response Example:
🧾 Field Description:
data (String): Generated access Token
Get Affiliate Code Information¶
- Interface Name:Get Affiliate Code Information
- HTTP Method:GET
- Path:
/api/user/aff - Authentication Requirement:User
- Function Description:Retrieves or generates the user's affiliate code, used for inviting new users to register
💡 Request Example:
const response = await fetch('/api/user/aff', {
method: 'GET',
headers: {
'Content-Type': 'application/json',
'Authorization': 'Bearer your_user_token',
'New-Api-User': 'your_user_id'
}
});
const data = await response.json();
✅ Successful Response Example:
❗ Failure Response Example:
🧾 Field Description:
data (String): The user's affiliate code. If it doesn't exist, a 4-character random string will be automatically generated
Direct Quota Top-up¶
- Interface Name:Direct Quota Top-up
- HTTP Method:POST
- Path:
/api/user/topup - Authentication Requirement:User
- Function Description:Uses a redemption code to top up the account Quota
💡 Request Example:
const response = await fetch('/api/user/topup', {
method: 'POST',
headers: {
'Content-Type': 'application/json',
'Authorization': 'Bearer your_user_token',
'New-Api-User': 'your_user_id'
},
body: JSON.stringify({
key: "REDEEM123456"
})
});
const data = await response.json();
✅ Successful Response Example:
❗ Failure Response Example:
🧾 Field Description:
key(String): Redemption code, requireddata(Number): Returns the amount of Quota redeemed upon success
Submit Payment Order¶
- Interface Name:Submit Payment Order
- HTTP Method:POST
- Path:
/api/user/pay - Authentication Requirement:User
- Function Description:Creates an online payment order, supporting multiple payment methods
💡 Request Example:
const response = await fetch('/api/user/pay', {
method: 'POST',
headers: {
'Content-Type': 'application/json',
'Authorization': 'Bearer your_user_token',
'New-Api-User': 'your_user_id'
},
body: JSON.stringify({
amount: 10000,
payment_method: "alipay",
top_up_code: ""
})
});
const data = await response.json();
✅ Successful Response Example:
{
"success": true,
"message": "success",
"data": {
"pid": "12345",
"type": "alipay",
"out_trade_no": "USR1NO123456",
"notify_url": "https://example.com/notify",
"return_url": "https://example.com/return",
"name": "TUC10000",
"money": "10.00",
"sign": "abc123def456"
},
"url": "https://pay.example.com/submit"
}
❗ Failure Response Example:
🧾 Field Description:
amount(Number): Top-up amount, must be greater than or equal to the minimum top-up Quota topup.go:133-136payment_method(String): Payment method, such as "alipay", "wxpay", etc.top_up_code(String): Top-up code, optionaldata(Object): Payment form parametersurl(String): Payment submission URL
Calculate Payment Amount¶
- Interface Name:Calculate Payment Amount
- HTTP Method:POST
- Path:
/api/user/amount - Authentication Requirement:User
- Function Description:Calculates the actual payment amount corresponding to the specified top-up Quota
💡 Request Example:
const response = await fetch('/api/user/amount', {
method: 'POST',
headers: {
'Content-Type': 'application/json',
'Authorization': 'Bearer your_user_token',
'New-Api-User': 'your_user_id'
},
body: JSON.stringify({
amount: 10000,
top_up_code: ""
})
});
const data = await response.json();
✅ Successful Response Example:
❗ Failure Response Example:
🧾 Field Description:
amount(Number): Top-up amount, must be greater than or equal to the minimum top-up Quotatop_up_code(String): Top-up code, optionaldata(String): Actual amount required for payment (Yuan)
Affiliate Quota Transfer¶
- Interface Name:Affiliate Quota Transfer
- HTTP Method:POST
- Path:
/api/user/aff_transfer - Authentication Requirement:User
- Function Description:Converts the affiliate reward Quota into usable Quota
💡 Request Example:
const response = await fetch('/api/user/aff_transfer', {
method: 'POST',
headers: {
'Content-Type': 'application/json',
'Authorization': 'Bearer your_user_token',
'New-Api-User': 'your_user_id'
},
body: JSON.stringify({
quota: 50000
})
});
const data = await response.json();
✅ Successful Response Example:
❗ Failure Response Example:
🧾 Field Description:
quota (Number): The amount of Quota to convert, must be greater than or equal to the minimum unit Quota
Update User Settings¶
- Interface Name:Update User Settings
- HTTP Method:PUT
- Path:
/api/user/setting - Authentication Requirement:User
- Function Description:Updates the user's personal settings configuration
💡 Request Example:
const response = await fetch('/api/user/setting', {
method: 'PUT',
headers: {
'Content-Type': 'application/json',
'Authorization': 'Bearer your_user_token',
'New-Api-User': 'your_user_id'
},
body: JSON.stringify({
theme: "dark",
language: "zh-CN",
notifications: {
email: true,
browser: false
}
})
});
const data = await response.json();
✅ Successful Response Example:
❗ Failure Response Example:
🧾 Field Description:
- The request body can contain any user setting fields, submitted in JSON format
- Specific fields depend on the requirements of the frontend settings page
Admin User Management¶
🔐 Admin Authentication Required¶
Get All User List¶
- Interface Name:Get All User List
- HTTP Method:GET
- Path:
/api/user/ - Authentication Requirement:Admin
- Function Description:Paginates and retrieves the list information of all users in the system
💡 Request Example:
const response = await fetch('/api/user/?p=1&page_size=20', {
method: 'GET',
headers: {
'Content-Type': 'application/json',
'Authorization': 'Bearer your_admin_token',
'New-Api-User': 'your_user_id'
}
});
const data = await response.json();
✅ Successful Response Example:
{
"success": true,
"message": "",
"data": {
"items": [
{
"id": 1,
"username": "testuser",
"display_name": "Test User",
"role": 1,
"status": 1,
"email": "user@example.com",
"group": "default",
"quota": 1000000,
"used_quota": 50000,
"request_count": 100
}
],
"total": 50,
"page": 1,
"page_size": 20
}
}
❗ Failure Response Example:
🧾 Field Description:
p(Number): Page number, defaults to 1page_size(Number): Items per page, defaults to 20items(Array): User information listtotal(Number): Total number of userspage(Number): Current page numberpage_size(Number): Items per page
Search Users¶
- Interface Name:Search Users
- HTTP Method:GET
- Path:
/api/user/search - Authentication Requirement:Admin
- Function Description:Searches users based on keywords and Group
💡 Request Example:
const response = await fetch('/api/user/search?keyword=test&group=default&p=1&page_size=20', {
method: 'GET',
headers: {
'Content-Type': 'application/json',
'Authorization': 'Bearer your_admin_token',
'New-Api-User': 'your_user_id'
}
});
const data = await response.json();
✅ Successful Response Example:
{
"success": true,
"message": "",
"data": {
"items": [
{
"id": 1,
"username": "testuser",
"display_name": "Test User",
"role": 1,
"status": 1,
"email": "test@example.com",
"group": "default"
}
],
"total": 1,
"page": 1,
"page_size": 20
}
}
❗ Failure Response Example:
🧾 Field Description:
keyword(String): Search keyword, can match username, display name, or emailgroup(String): User Group filtering conditionp(Number): Page number, defaults to 1page_size(Number): Items per page, defaults to 20
Get Single User Information¶
- Interface Name:Get Single User Information
- HTTP Method:GET
- Path:
/api/user/:id - Authentication Requirement:Admin
- Function Description:Retrieves detailed information for a specified user, including permission checks
💡 Request Example:
const response = await fetch('/api/user/123', {
method: 'GET',
headers: {
'Content-Type': 'application/json',
'Authorization': 'Bearer your_admin_token',
'New-Api-User': 'your_user_id'
}
});
const data = await response.json();
✅ Successful Response Example:
{
"success": true,
"message": "",
"data": {
"id": 123,
"username": "targetuser",
"display_name": "Target User",
"role": 1,
"status": 1,
"email": "target@example.com",
"group": "default",
"quota": 1000000,
"used_quota": 50000,
"request_count": 100,
"aff_code": "ABC123",
"aff_count": 5
}
}
❗ Failure Response Example:
🧾 Field Description:
id(Number): User ID, passed via URL path- Returns complete user information, but admins cannot view information for users of the same or higher permission level
Create User¶
- Interface Name:Create User
- HTTP Method:POST
- Path:
/api/user/ - Authentication Requirement:Admin
- Function Description:Creates a new user account. Admins cannot create users with permissions greater than or equal to their own
💡 Request Example:
const response = await fetch('/api/user/', {
method: 'POST',
headers: {
'Content-Type': 'application/json',
'Authorization': 'Bearer your_admin_token',
'New-Api-User': 'your_user_id'
},
body: JSON.stringify({
username: "newuser",
password: "password123",
display_name: "New User",
role: 1
})
});
const data = await response.json();
✅ Successful Response Example:
❗ Failure Response Example:
🧾 Field Description:
username(String): Username, requiredpassword(String): Password, requireddisplay_name(String): Display name, optional, defaults to usernamerole(Number): User role, must be less than the current admin role
Management Operations (Disable/Reset, etc.)¶
- Interface Name:Management Operations (Disable/Reset, etc.)
- HTTP Method:POST
- Path:
/api/user/manage - Authentication Requirement:Admin
- Function Description:Performs management operations on a user, including enabling, disabling, deleting, promoting, and demoting
💡 Request Example:
const response = await fetch('/api/user/manage', {
method: 'POST',
headers: {
'Content-Type': 'application/json',
'Authorization': 'Bearer your_admin_token',
'New-Api-User': 'your_user_id'
},
body: JSON.stringify({
id: 123,
action: "disable"
})
});
const data = await response.json();
✅ Successful Response Example:
❗ Failure Response Example:
🧾 Field Description:
id(Number): Target user ID, requiredaction(String): Operation type, required, optional values:disable: Disable userenable: Enable userdelete: Delete userpromote: Promote to Admin (Root user only)demote: Demote to Normal User
Update User¶
- Interface Name:Update User
- HTTP Method:PUT
- Path:
/api/user/ - Authentication Requirement:Admin
- Function Description:Updates user information, including permission checks and Quota change logging
💡 Request Example:
const response = await fetch('/api/user/', {
method: 'PUT',
headers: {
'Content-Type': 'application/json',
'Authorization': 'Bearer your_admin_token',
'New-Api-User': 'your_user_id'
},
body: JSON.stringify({
id: 123,
username: "updateduser",
display_name: "Updated User",
email: "updated@example.com",
quota: 2000000,
role: 1,
status: 1
})
});
const data = await response.json();
✅ Successful Response Example:
❗ Failure Response Example:
🧾 Field Description:
id(Number): User ID, requiredusername(String): Username, optionaldisplay_name(String): Display name, optionalemail(String): Email address, optionalpassword(String): New password, optional. If empty, the password is not updatedquota(Number): User Quota, optionalrole(Number): User role, cannot be greater than or equal to the current admin rolestatus(Number): User status, optional
Delete User¶
- Interface Name:Delete User
- HTTP Method:DELETE
- Path:
/api/user/:id - Authentication Requirement:Admin
- Function Description:Hard deletes the specified user. Admins cannot delete users of the same or higher permission level
💡 Request Example:
const response = await fetch('/api/user/123', {
method: 'DELETE',
headers: {
'Content-Type': 'application/json',
'Authorization': 'Bearer your_admin_token',
'New-Api-User': 'your_user_id'
}
});
const data = await response.json();
✅ Successful Response Example:
❗ Failure Response Example:
🧾 Field Description:
id(Number): User ID, passed via URL path- Performs a hard delete operation, irreversible