sdsdsdff
diff --git a/‎app/api/v1/admin.py‎
Lines changed: 154 additions & 0 deletions b/‎app/api/v1/admin.py‎
Lines changed: 154 additions & 0 deletions
diff --git a/‎app/api/v1/chat.py‎
Lines changed: 7 additions & 2 deletions b/‎app/api/v1/chat.py‎
Lines changed: 7 additions & 2 deletions
diff --git a/‎app/api/v1/image.py‎
Lines changed: 7 additions & 2 deletions b/‎app/api/v1/image.py‎
Lines changed: 7 additions & 2 deletions
diff --git a/‎app/api/v1/uploads.py‎
Lines changed: 64 additions & 0 deletions b/‎app/api/v1/uploads.py‎
Lines changed: 64 additions & 0 deletions
@@ -1,6 +1,7 @@
 from fastapi import APIRouter, Depends, HTTPException, Request, Query, Body
 from fastapi.responses import HTMLResponse, RedirectResponse
 from pydantic import BaseModel
+from typing import Any
 
 from app.core.auth import verify_api_key
 from app.core.config import config, get_config
@@ -12,6 +13,7 @@
 import json
 from app.core.logger import logger
 from app.services.register import get_auto_register_manager
+from app.services.api_keys import api_key_manager
 
 
 router = APIRouter()
@@ -65,6 +67,21 @@ async def admin_datacenter_page():
     """数据中心页"""
     return await render_template("datacenter/datacenter.html")
 
+@router.get("/admin/keys", response_class=HTMLResponse, include_in_schema=False)
+async def admin_keys_page():
+    """API Key 管理页"""
+    return await render_template("keys/keys.html")
+
+@router.get("/chat", response_class=HTMLResponse, include_in_schema=False)
+async def chat_page():
+    """在线聊天页（公开入口）"""
+    return await render_template("chat/chat.html")
+
+@router.get("/admin/chat", response_class=HTMLResponse, include_in_schema=False)
+async def admin_chat_page():
+    """在线聊天页（后台入口）"""
+    return await render_template("chat/chat_admin.html")
+
 @router.post("/api/v1/admin/login")
 async def admin_login_api(request: Request, body: AdminLoginBody | None = Body(default=None)):
     """管理后台登录验证（用户名+密码）
@@ -110,6 +127,143 @@ async def update_config_api(data: dict):
     except Exception as e:
         raise HTTPException(status_code=500, detail=str(e))
 
+
+def _display_key(key: str) -> str:
+    k = str(key or "")
+    if len(k) <= 12:
+        return k
+    return f"{k[:6]}...{k[-4:]}"
+
+
+def _normalize_limit(v: Any) -> int:
+    if v is None or v == "":
+        return -1
+    try:
+        return max(-1, int(v))
+    except Exception:
+        return -1
+
+
+@router.get("/api/v1/admin/keys", dependencies=[Depends(verify_api_key)])
+async def list_api_keys():
+    """List API keys + daily usage/remaining (for admin UI)."""
+    await api_key_manager.init()
+    day, usage_map = await api_key_manager.usage_today()
+
+    out = []
+    for row in api_key_manager.get_all_keys():
+        key = str(row.get("key") or "")
+        used = usage_map.get(key) or {}
+        chat_used = int(used.get("chat_used", 0) or 0)
+        heavy_used = int(used.get("heavy_used", 0) or 0)
+        image_used = int(used.get("image_used", 0) or 0)
+        video_used = int(used.get("video_used", 0) or 0)
+
+        chat_limit = _normalize_limit(row.get("chat_limit", -1))
+        heavy_limit = _normalize_limit(row.get("heavy_limit", -1))
+        image_limit = _normalize_limit(row.get("image_limit", -1))
+        video_limit = _normalize_limit(row.get("video_limit", -1))
+
+        remaining = {
+            "chat": None if chat_limit < 0 else max(0, chat_limit - chat_used),
+            "heavy": None if heavy_limit < 0 else max(0, heavy_limit - heavy_used),
+            "image": None if image_limit < 0 else max(0, image_limit - image_used),
+            "video": None if video_limit < 0 else max(0, video_limit - video_used),
+        }
+
+        out.append({
+            **row,
+            "is_active": bool(row.get("is_active", True)),
+            "display_key": _display_key(key),
+            "usage_today": {
+                "chat_used": chat_used,
+                "heavy_used": heavy_used,
+                "image_used": image_used,
+                "video_used": video_used,
+            },
+            "remaining_today": remaining,
+            "day": day,
+        })
+
+    # New UI expects { success: true, data: [...] }
+    return {"success": True, "data": out}
+
+
+@router.post("/api/v1/admin/keys", dependencies=[Depends(verify_api_key)])
+async def create_api_key(data: dict):
+    """Create a new API key (optional name/key/limits)."""
+    await api_key_manager.init()
+    data = data or {}
+
+    name = str(data.get("name") or "").strip() or api_key_manager.generate_name()
+    key_val = str(data.get("key") or "").strip() or None
+    is_active = bool(data.get("is_active", True))
+
+    limits = data.get("limits") if isinstance(data.get("limits"), dict) else {}
+    try:
+        row = await api_key_manager.add_key(
+            name=name,
+            key=key_val,
+            is_active=is_active,
+            limits={
+                "chat_per_day": limits.get("chat_per_day"),
+                "heavy_per_day": limits.get("heavy_per_day"),
+                "image_per_day": limits.get("image_per_day"),
+                "video_per_day": limits.get("video_per_day"),
+            },
+        )
+    except ValueError as e:
+        raise HTTPException(status_code=400, detail=str(e))
+
+    return {"success": True, "data": {**row, "display_key": _display_key(row.get("key", ""))}}
+
+
+@router.post("/api/v1/admin/keys/update", dependencies=[Depends(verify_api_key)])
+async def update_api_key(data: dict):
+    """Update name/status/limits for an API key."""
+    await api_key_manager.init()
+    data = data or {}
+    key = str(data.get("key") or "").strip()
+    if not key:
+        raise HTTPException(status_code=400, detail="Missing key")
+
+    if "name" in data and data.get("name") is not None:
+        name = str(data.get("name") or "").strip()
+        if name:
+            await api_key_manager.update_key_name(key, name)
+
+    if "is_active" in data:
+        await api_key_manager.update_key_status(key, bool(data.get("is_active")))
+
+    limits = data.get("limits") if isinstance(data.get("limits"), dict) else None
+    if limits is not None:
+        await api_key_manager.update_key_limits(
+            key,
+            {
+                "chat_per_day": limits.get("chat_per_day"),
+                "heavy_per_day": limits.get("heavy_per_day"),
+                "image_per_day": limits.get("image_per_day"),
+                "video_per_day": limits.get("video_per_day"),
+            },
+        )
+
+    return {"success": True}
+
+
+@router.post("/api/v1/admin/keys/delete", dependencies=[Depends(verify_api_key)])
+async def delete_api_key(data: dict):
+    """Delete an API key."""
+    await api_key_manager.init()
+    data = data or {}
+    key = str(data.get("key") or "").strip()
+    if not key:
+        raise HTTPException(status_code=400, detail="Missing key")
+
+    ok = await api_key_manager.delete_key(key)
+    if not ok:
+        raise HTTPException(status_code=404, detail="Key not found")
+    return {"success": True}
+
 @router.get("/api/v1/admin/storage", dependencies=[Depends(verify_api_key)])
 async def get_storage_info():
     """获取当前存储模式"""
 
@@ -4,13 +4,15 @@
 
 from typing import Any, Dict, List, Optional, Union
 
-from fastapi import APIRouter
+from fastapi import APIRouter, Depends
 from fastapi.responses import StreamingResponse, JSONResponse
 from pydantic import BaseModel, Field, field_validator
 
+from app.core.auth import verify_api_key
 from app.services.grok.chat import ChatService
 from app.services.grok.model import ModelService
 from app.core.exceptions import ValidationException
+from app.services.quota import enforce_daily_quota
 
 
 router = APIRouter(tags=["Chat"])
@@ -201,11 +203,14 @@ def validate_request(request: ChatCompletionRequest):
 
 
 @router.post("/chat/completions")
-async def chat_completions(request: ChatCompletionRequest):
+async def chat_completions(request: ChatCompletionRequest, api_key: Optional[str] = Depends(verify_api_key)):
     """Chat Completions API - 兼容 OpenAI"""
 
     # 参数验证
     validate_request(request)
+
+    # Daily quota (best-effort)
+    await enforce_daily_quota(api_key, request.model)
 
     # 检测视频模型
     model_info = ModelService.get(request.model)
 
@@ -6,17 +6,19 @@
 import random
 from typing import List, Optional
 
-from fastapi import APIRouter
+from fastapi import APIRouter, Depends
 from fastapi.responses import StreamingResponse, JSONResponse
 from pydantic import BaseModel, Field
 
+from app.core.auth import verify_api_key
 from app.services.grok.chat import GrokChatService
 from app.services.grok.model import ModelService
 from app.services.grok.processor import ImageStreamProcessor, ImageCollectProcessor
 from app.services.token import get_token_manager
 from app.services.request_stats import request_stats
 from app.core.exceptions import ValidationException, AppException, ErrorType
 from app.core.logger import logger
+from app.services.quota import enforce_daily_quota
 
 
 router = APIRouter(tags=["Images"])
@@ -99,7 +101,7 @@ async def call_grok(token: str, prompt: str, model_info) -> List[str]:
 
 
 @router.post("/images/generations")
-async def create_image(request: ImageGenerationRequest):
+async def create_image(request: ImageGenerationRequest, api_key: Optional[str] = Depends(verify_api_key)):
     """
     Image Generation API
     
@@ -116,6 +118,9 @@ async def create_image(request: ImageGenerationRequest):
 
     # 参数验证
     validate_request(request)
+
+    # Daily quota (best-effort): count by requested n
+    await enforce_daily_quota(api_key, request.model or "grok-imagine-1.0", image_count=int(request.n or 1))
 
     # 获取 token
     try:
 
@@ -0,0 +1,64 @@
+"""
+Uploads API (used by the web chat UI)
+"""
+
+import uuid
+from pathlib import Path
+
+import aiofiles
+from fastapi import APIRouter, UploadFile, File, HTTPException
+
+from app.services.grok.assets import DownloadService
+
+
+router = APIRouter(tags=["Uploads"])
+
+BASE_DIR = Path(__file__).parent.parent.parent.parent / "data" / "tmp"
+IMAGE_DIR = BASE_DIR / "image"
+
+
+def _ext_from_mime(mime: str) -> str:
+    m = (mime or "").lower()
+    if m == "image/png":
+        return "png"
+    if m == "image/webp":
+        return "webp"
+    if m == "image/gif":
+        return "gif"
+    if m in ("image/jpeg", "image/jpg"):
+        return "jpg"
+    return "jpg"
+
+
+@router.post("/uploads/image")
+async def upload_image(file: UploadFile = File(...)):
+    content_type = (file.content_type or "").lower()
+    if not content_type.startswith("image/"):
+        raise HTTPException(status_code=400, detail=f"Unsupported file type: {file.content_type}")
+
+    IMAGE_DIR.mkdir(parents=True, exist_ok=True)
+    name = f"upload-{uuid.uuid4().hex}.{_ext_from_mime(content_type)}"
+    path = IMAGE_DIR / name
+
+    size = 0
+    async with aiofiles.open(path, "wb") as f:
+        while True:
+            chunk = await file.read(1024 * 1024)
+            if not chunk:
+                break
+            size += len(chunk)
+            await f.write(chunk)
+
+    # Best-effort: reuse existing cache cleanup policy (size-based).
+    try:
+        dl = DownloadService()
+        await dl.check_limit()
+        await dl.close()
+    except Exception:
+        pass
+
+    return {"url": f"/v1/files/image/{name}", "name": name, "size_bytes": size}
+
+
+__all__ = ["router"]
+