feat(proxy): add session-aware account affinity

Author: DeliciousBuding

auth/session_affinity_test.go

@@ -0,0 +1,47 @@
+package auth
+
+import "testing"
+
+func TestNextForSessionPrefersBoundAccountAndProxy(t *testing.T) {
+	store := &Store{
+		accounts: []*Account{
+			{DBID: 1, AccessToken: "tok-1"},
+			{DBID: 2, AccessToken: "tok-2"},
+		},
+		maxConcurrency: 2,
+	}
+	store.bindSessionAffinity("session-1", store.accounts[1], "http://proxy-2")
+
+	acc, proxyURL := store.NextForSession("session-1", nil)
+	if acc == nil {
+		t.Fatal("expected account")
+	}
+	if acc.DBID != 2 {
+		t.Fatalf("account DBID = %d, want %d", acc.DBID, 2)
+	}
+	if proxyURL != "http://proxy-2" {
+		t.Fatalf("proxyURL = %q, want %q", proxyURL, "http://proxy-2")
+	}
+}
+
+func TestNextForSessionFallsBackWhenBoundAccountExcluded(t *testing.T) {
+	store := &Store{
+		accounts: []*Account{
+			{DBID: 1, AccessToken: "tok-1"},
+			{DBID: 2, AccessToken: "tok-2"},
+		},
+		maxConcurrency: 2,
+	}
+	store.bindSessionAffinity("session-1", store.accounts[1], "http://proxy-2")
+
+	acc, proxyURL := store.NextForSession("session-1", map[int64]bool{2: true})
+	if acc == nil {
+		t.Fatal("expected fallback account")
+	}
+	if acc.DBID != 1 {
+		t.Fatalf("account DBID = %d, want %d", acc.DBID, 1)
+	}
+	if proxyURL != "" {
+		t.Fatalf("proxyURL = %q, want empty fallback proxy", proxyURL)
+	}
+}

auth/store.go

@@ -726,10 +726,20 @@ type Store struct {
 	// 智能刷新调度器
 	refreshScheduler atomic.Pointer[RefreshSchedulerIntegration]
 
-	allowRemoteMigration atomic.Bool // 是否允许远程迁移拉取账号
+	allowRemoteMigration atomic.Bool  // 是否允许远程迁移拉取账号
 	modelMapping         atomic.Value // 模型映射 JSON 字符串
+	sessionMu            sync.RWMutex
+	sessionBindings      map[string]sessionAffinity
 }
 
+type sessionAffinity struct {
+	accountID int64
+	proxyURL  string
+	expiresAt time.Time
+}
+
+const sessionAffinityTTL = 30 * time.Minute
+
 func fastSchedulerEnabledFromEnv() bool {
 	for _, key := range []string{"FAST_SCHEDULER_ENABLED", "CODEX_FAST_SCHEDULER"} {
 		if truthyEnv(os.Getenv(key)) {
@@ -766,6 +776,7 @@ func NewStore(db *database.DB, tc cache.TokenCache, settings *database.SystemSet
 		tokenCache:       tc,
 		stopCh:           make(chan struct{}),
 		proxyPoolEnabled: settings.ProxyPoolEnabled,
+		sessionBindings:  make(map[string]sessionAffinity),
 	}
 	s.testModel.Store(settings.TestModel)
 	s.autoCleanUnauthorized.Store(settings.AutoCleanUnauthorized)
@@ -1276,6 +1287,95 @@ func (s *Store) NextExcluding(exclude map[int64]bool) *Account {
 	return best
 }
 
+// BindSessionAffinity 记录会话与账号/代理的亲和关系。
+func (s *Store) BindSessionAffinity(key string, account *Account, proxyURL string) {
+	s.bindSessionAffinity(key, account, proxyURL)
+}
+
+func (s *Store) bindSessionAffinity(key string, account *Account, proxyURL string) {
+	if s == nil || account == nil {
+		return
+	}
+	key = strings.TrimSpace(key)
+	if key == "" {
+		return
+	}
+
+	s.sessionMu.Lock()
+	if s.sessionBindings == nil {
+		s.sessionBindings = make(map[string]sessionAffinity)
+	}
+	s.sessionBindings[key] = sessionAffinity{
+		accountID: account.DBID,
+		proxyURL:  strings.TrimSpace(proxyURL),
+		expiresAt: time.Now().Add(sessionAffinityTTL),
+	}
+	s.sessionMu.Unlock()
+}
+
+// NextForSession 优先复用已绑定的账号和代理，失败时回退到普通选号。
+func (s *Store) NextForSession(key string, exclude map[int64]bool) (*Account, string) {
+	if s == nil {
+		return nil, ""
+	}
+	key = strings.TrimSpace(key)
+	if key == "" {
+		return s.NextExcluding(exclude), ""
+	}
+
+	now := time.Now()
+	s.sessionMu.RLock()
+	binding, ok := s.sessionBindings[key]
+	s.sessionMu.RUnlock()
+
+	if ok {
+		if !binding.expiresAt.After(now) {
+			s.sessionMu.Lock()
+			if current, exists := s.sessionBindings[key]; exists && !current.expiresAt.After(now) {
+				delete(s.sessionBindings, key)
+			}
+			s.sessionMu.Unlock()
+		} else if acc := s.takeByIDExcluding(binding.accountID, exclude); acc != nil {
+			return acc, binding.proxyURL
+		}
+	}
+
+	return s.NextExcluding(exclude), ""
+}
+
+func (s *Store) takeByIDExcluding(id int64, exclude map[int64]bool) *Account {
+	if s == nil || id == 0 {
+		return nil
+	}
+	if exclude != nil && exclude[id] {
+		return nil
+	}
+
+	s.mu.RLock()
+	var target *Account
+	for _, acc := range s.accounts {
+		if acc != nil && acc.DBID == id {
+			target = acc
+			break
+		}
+	}
+	s.mu.RUnlock()
+	if target == nil || !target.IsAvailable() {
+		return nil
+	}
+
+	maxConcurrency := atomic.LoadInt64(&s.maxConcurrency)
+	now := time.Now()
+	_, _, limit, available := target.fastSchedulerSnapshot(maxConcurrency, now)
+	if !available || limit <= 0 {
+		return nil
+	}
+	if !tryAcquireAccount(target, limit) {
+		return nil
+	}
+	return target
+}
+
 // WaitForAvailable 等待可用账号（带超时的请求排队）
 func (s *Store) WaitForAvailable(ctx context.Context, timeout time.Duration) *Account {
 	deadline := time.NewTimer(timeout)

proxy/handler.go

@@ -36,6 +36,13 @@ type Handler struct {
 	dbKeysUntil time.Time
 }
 
+func (h *Handler) nextAccountForSession(sessionID string, exclude map[int64]bool) (*auth.Account, string) {
+	if h == nil || h.store == nil {
+		return nil, ""
+	}
+	return h.store.NextForSession(sessionID, exclude)
+}
+
 type usageLimitDetails struct {
 	message         string
 	planType        string
@@ -444,7 +451,7 @@ func (h *Handler) Responses(c *gin.Context) {
 	excludeAccounts := make(map[int64]bool) // 重试时排除已失败的账号
 
 	for attempt := 0; attempt <= maxRetries; attempt++ {
-		account := h.store.NextExcluding(excludeAccounts)
+		account, stickyProxyURL := h.nextAccountForSession(sessionID, excludeAccounts)
 		if account == nil {
 			// 排队等待可用账号（最多 30s）
 			account = h.store.WaitForAvailable(c.Request.Context(), 30*time.Second)
@@ -461,7 +468,10 @@ func (h *Handler) Responses(c *gin.Context) {
 		}
 
 		start := time.Now()
-		proxyURL := h.store.NextProxy()
+		proxyURL := stickyProxyURL
+		if proxyURL == "" {
+			proxyURL = h.store.NextProxy()
+		}
 		useWebsocket := h.cfg != nil && h.cfg.UseWebsocket
 
 		// 提取 API Key 用于设备指纹稳定化
@@ -669,6 +679,8 @@ func (h *Handler) Responses(c *gin.Context) {
 			}
 			continue
 		}
+
+		h.store.BindSessionAffinity(sessionID, account, proxyURL)
 		logStatusCode := outcome.logStatusCode
 		if outcome.logStatusCode != http.StatusOK {
 			log.Printf("流异常结束 (account %d, /v1/responses, status %d): %s，已转发约 %d 字符", account.ID(), outcome.logStatusCode, outcome.failureMessage, deltaCharCount)
@@ -808,7 +820,7 @@ func (h *Handler) ChatCompletions(c *gin.Context) {
 	excludeAccounts := make(map[int64]bool) // 重试时排除已失败的账号
 
 	for attempt := 0; attempt <= maxRetries; attempt++ {
-		account := h.store.NextExcluding(excludeAccounts)
+		account, stickyProxyURL := h.nextAccountForSession(sessionID, excludeAccounts)
 		if account == nil {
 			// 排队等待可用账号（最多 30s）
 			account = h.store.WaitForAvailable(c.Request.Context(), 30*time.Second)
@@ -825,7 +837,10 @@ func (h *Handler) ChatCompletions(c *gin.Context) {
 		}
 
 		start := time.Now()
-		proxyURL := h.store.NextProxy()
+		proxyURL := stickyProxyURL
+		if proxyURL == "" {
+			proxyURL = h.store.NextProxy()
+		}
 		useWebsocket := h.cfg != nil && h.cfg.UseWebsocket
 
 		// 提取 API Key 用于设备指纹稳定化
@@ -1038,6 +1053,8 @@ func (h *Handler) ChatCompletions(c *gin.Context) {
 			}
 			continue
 		}
+
+		h.store.BindSessionAffinity(sessionID, account, proxyURL)
 		logStatusCode := outcome.logStatusCode
 		if outcome.logStatusCode != http.StatusOK {
 			log.Printf("流异常结束 (account %d, /v1/chat/completions, status %d): %s，已转发约 %d 字符", account.ID(), outcome.logStatusCode, outcome.failureMessage, deltaCharCount)

proxy/handler_anthropic.go

@@ -119,7 +119,7 @@ func (h *Handler) Messages(c *gin.Context) {
 	excludeAccounts := make(map[int64]bool)
 
 	for attempt := 0; attempt <= maxRetries; attempt++ {
-		account := h.store.NextExcluding(excludeAccounts)
+		account, stickyProxyURL := h.nextAccountForSession(sessionID, excludeAccounts)
 		if account == nil {
 			account = h.store.WaitForAvailable(c.Request.Context(), 30*time.Second)
 			if account == nil {
@@ -133,7 +133,10 @@ func (h *Handler) Messages(c *gin.Context) {
 		}
 
 		start := time.Now()
-		proxyURL := h.store.NextProxy()
+		proxyURL := stickyProxyURL
+		if proxyURL == "" {
+			proxyURL = h.store.NextProxy()
+		}
 		useWebsocket := h.cfg != nil && h.cfg.UseWebsocket
 
 		apiKey := strings.TrimPrefix(c.GetHeader("Authorization"), "Bearer ")
@@ -362,6 +365,8 @@ func (h *Handler) Messages(c *gin.Context) {
 			continue
 		}
 
+		h.store.BindSessionAffinity(sessionID, account, proxyURL)
+
 		logStatusCode := outcome.logStatusCode
 		if outcome.logStatusCode != http.StatusOK {
 			log.Printf("流异常结束 (account %d, /v1/messages, status %d): %s，已转发约 %d 字符",