feat: add comprehensive prompt filter system with 73 security rules

- Add prompt filter module with weighted scoring (50+ threshold)
- Implement 73 built-in rules covering malware, exploits, reverse engineering, etc.
- Support Chinese and English keywords for dual-language detection
- Add frontend UI with category filtering, batch enable/disable, and pagination
- Integrate filter into /v1/responses, /v1/chat/completions, /v1/messages endpoints
- Add admin API for rule management and filter logs
- Support monitor/warn/block modes with configurable thresholds
- Add database tables for filter logs and audit trail

Author: james-6-23

admin/handler.go

@@ -26,6 +26,7 @@ import (
 	"github.com/codex2api/database"
 	"github.com/codex2api/proxy"
 	"github.com/codex2api/security"
+	"github.com/codex2api/security/promptfilter"
 	"github.com/gin-gonic/gin"
 	"github.com/tidwall/gjson"
 )
@@ -133,6 +134,10 @@ func (h *Handler) RegisterRoutes(r *gin.Engine) {
 	api.GET("/ops/overview", h.GetOpsOverview)
 	api.GET("/settings", h.GetSettings)
 	api.PUT("/settings", h.UpdateSettings)
+	api.GET("/prompt-filter/logs", h.ListPromptFilterLogs)
+	api.DELETE("/prompt-filter/logs", h.ClearPromptFilterLogs)
+	api.POST("/prompt-filter/test", h.TestPromptFilter)
+	api.GET("/prompt-filter/rules", h.GetPromptFilterRules)
 	api.GET("/models", h.ListModels)
 	api.POST("/models/sync", h.SyncModels)
 	api.GET("/image-prompts", h.ListImagePromptTemplates)
@@ -297,10 +302,10 @@ type accountResponse struct {
 	Locked                   bool                       `json:"locked"`
 	AllowedAPIKeyIDs         []int64                    `json:"allowed_api_key_ids"`
 	// 图片配额信息
-	ImageQuotaRemaining      *int                       `json:"image_quota_remaining,omitempty"`
-	ImageQuotaTotal          *int                       `json:"image_quota_total,omitempty"`
-	TodayUsedCount           *int                       `json:"today_used_count,omitempty"`
-	ImageQuotaResetAt        string                     `json:"image_quota_reset_at,omitempty"`
+	ImageQuotaRemaining *int   `json:"image_quota_remaining,omitempty"`
+	ImageQuotaTotal     *int   `json:"image_quota_total,omitempty"`
+	TodayUsedCount      *int   `json:"today_used_count,omitempty"`
+	ImageQuotaResetAt   string `json:"image_quota_reset_at,omitempty"`
 }
 
 type accountUsageWindow struct {
@@ -2090,6 +2095,15 @@ type settingsResponse struct {
 	ModelMapping                     string `json:"model_mapping"`
 	ResinURL                         string `json:"resin_url"`
 	ResinPlatformName                string `json:"resin_platform_name"`
+	PromptFilterEnabled              bool   `json:"prompt_filter_enabled"`
+	PromptFilterMode                 string `json:"prompt_filter_mode"`
+	PromptFilterThreshold            int    `json:"prompt_filter_threshold"`
+	PromptFilterStrictThreshold      int    `json:"prompt_filter_strict_threshold"`
+	PromptFilterLogMatches           bool   `json:"prompt_filter_log_matches"`
+	PromptFilterMaxTextLength        int    `json:"prompt_filter_max_text_length"`
+	PromptFilterSensitiveWords       string `json:"prompt_filter_sensitive_words"`
+	PromptFilterCustomPatterns       string `json:"prompt_filter_custom_patterns"`
+	PromptFilterDisabledPatterns     string `json:"prompt_filter_disabled_patterns"`
 }
 
 type updateSettingsReq struct {
@@ -2116,6 +2130,15 @@ type updateSettingsReq struct {
 	ModelMapping                     *string `json:"model_mapping"`
 	ResinURL                         *string `json:"resin_url"`
 	ResinPlatformName                *string `json:"resin_platform_name"`
+	PromptFilterEnabled              *bool   `json:"prompt_filter_enabled"`
+	PromptFilterMode                 *string `json:"prompt_filter_mode"`
+	PromptFilterThreshold            *int    `json:"prompt_filter_threshold"`
+	PromptFilterStrictThreshold      *int    `json:"prompt_filter_strict_threshold"`
+	PromptFilterLogMatches           *bool   `json:"prompt_filter_log_matches"`
+	PromptFilterMaxTextLength        *int    `json:"prompt_filter_max_text_length"`
+	PromptFilterSensitiveWords       *string `json:"prompt_filter_sensitive_words"`
+	PromptFilterCustomPatterns       *string `json:"prompt_filter_custom_patterns"`
+	PromptFilterDisabledPatterns     *string `json:"prompt_filter_disabled_patterns"`
 }
 
 // GetSettings 获取当前系统设置
@@ -2133,6 +2156,7 @@ func (h *Handler) GetSettings(c *gin.Context) {
 		resinURL = dbSettings.ResinURL
 		resinPlatformName = dbSettings.ResinPlatformName
 	}
+	promptFilterCfg := h.store.GetPromptFilterConfig()
 	c.JSON(http.StatusOK, settingsResponse{
 		MaxConcurrency:                   h.store.GetMaxConcurrency(),
 		GlobalRPM:                        h.rateLimiter.GetRPM(),
@@ -2162,6 +2186,15 @@ func (h *Handler) GetSettings(c *gin.Context) {
 		ModelMapping:                     h.store.GetModelMapping(),
 		ResinURL:                         resinURL,
 		ResinPlatformName:                resinPlatformName,
+		PromptFilterEnabled:              promptFilterCfg.Enabled,
+		PromptFilterMode:                 promptFilterCfg.Mode,
+		PromptFilterThreshold:            promptFilterCfg.Threshold,
+		PromptFilterStrictThreshold:      promptFilterCfg.StrictThreshold,
+		PromptFilterLogMatches:           promptFilterCfg.LogMatches,
+		PromptFilterMaxTextLength:        promptFilterCfg.MaxTextLength,
+		PromptFilterSensitiveWords:       promptFilterCfg.SensitiveWords,
+		PromptFilterCustomPatterns:       promptfilter.MarshalCustomPatterns(promptFilterCfg.CustomPatterns),
+		PromptFilterDisabledPatterns:     promptfilter.MarshalDisabledPatterns(promptFilterCfg.DisabledPatterns),
 	})
 }
 
@@ -2363,6 +2396,64 @@ func (h *Handler) UpdateSettings(c *gin.Context) {
 		log.Printf("设置已更新: model_mapping")
 	}
 
+	promptFilterCfg := h.store.GetPromptFilterConfig()
+	promptFilterChanged := false
+	if req.PromptFilterEnabled != nil {
+		promptFilterCfg.Enabled = *req.PromptFilterEnabled
+		promptFilterChanged = true
+	}
+	if req.PromptFilterMode != nil {
+		promptFilterCfg.Mode = *req.PromptFilterMode
+		promptFilterChanged = true
+	}
+	if req.PromptFilterThreshold != nil {
+		promptFilterCfg.Threshold = *req.PromptFilterThreshold
+		promptFilterChanged = true
+	}
+	if req.PromptFilterStrictThreshold != nil {
+		promptFilterCfg.StrictThreshold = *req.PromptFilterStrictThreshold
+		promptFilterChanged = true
+	}
+	if req.PromptFilterLogMatches != nil {
+		promptFilterCfg.LogMatches = *req.PromptFilterLogMatches
+		promptFilterChanged = true
+	}
+	if req.PromptFilterMaxTextLength != nil {
+		promptFilterCfg.MaxTextLength = *req.PromptFilterMaxTextLength
+		promptFilterChanged = true
+	}
+	if req.PromptFilterSensitiveWords != nil {
+		promptFilterCfg.SensitiveWords = *req.PromptFilterSensitiveWords
+		promptFilterChanged = true
+	}
+	if req.PromptFilterCustomPatterns != nil {
+		patterns, err := promptfilter.ParseCustomPatterns(*req.PromptFilterCustomPatterns)
+		if err != nil {
+			writeError(c, http.StatusBadRequest, "Prompt 检查自定义规则 JSON 无效: "+err.Error())
+			return
+		}
+		promptFilterCfg.CustomPatterns = patterns
+		promptFilterChanged = true
+	}
+	if req.PromptFilterDisabledPatterns != nil {
+		disabled, err := promptfilter.ParseDisabledPatterns(*req.PromptFilterDisabledPatterns)
+		if err != nil {
+			writeError(c, http.StatusBadRequest, "Prompt 检查禁用规则 JSON 无效: "+err.Error())
+			return
+		}
+		promptFilterCfg.DisabledPatterns = disabled
+		promptFilterChanged = true
+	}
+	if promptFilterChanged {
+		promptFilterCfg = promptfilter.NormalizeConfig(promptFilterCfg)
+		if _, err := promptfilter.NewEngine(promptFilterCfg); err != nil {
+			writeError(c, http.StatusBadRequest, "Prompt 检查规则无效: "+err.Error())
+			return
+		}
+		h.store.SetPromptFilterConfig(promptFilterCfg)
+		log.Printf("设置已更新: prompt_filter enabled=%t mode=%s threshold=%d", promptFilterCfg.Enabled, promptFilterCfg.Mode, promptFilterCfg.Threshold)
+	}
+
 	// Resin 粘性代理池配置
 	resinURL := ""
 	resinPlatformName := ""
@@ -2417,6 +2508,15 @@ func (h *Handler) UpdateSettings(c *gin.Context) {
 		ModelMapping:                     h.store.GetModelMapping(),
 		ResinURL:                         resinURL,
 		ResinPlatformName:                resinPlatformName,
+		PromptFilterEnabled:              promptFilterCfg.Enabled,
+		PromptFilterMode:                 promptFilterCfg.Mode,
+		PromptFilterThreshold:            promptFilterCfg.Threshold,
+		PromptFilterStrictThreshold:      promptFilterCfg.StrictThreshold,
+		PromptFilterLogMatches:           promptFilterCfg.LogMatches,
+		PromptFilterMaxTextLength:        promptFilterCfg.MaxTextLength,
+		PromptFilterSensitiveWords:       promptFilterCfg.SensitiveWords,
+		PromptFilterCustomPatterns:       promptfilter.MarshalCustomPatterns(promptFilterCfg.CustomPatterns),
+		PromptFilterDisabledPatterns:     promptfilter.MarshalDisabledPatterns(promptFilterCfg.DisabledPatterns),
 	})
 	if err != nil {
 		log.Printf("无法持久化保存设置: %v", err)
@@ -2465,6 +2565,15 @@ func (h *Handler) UpdateSettings(c *gin.Context) {
 		ModelMapping:                     h.store.GetModelMapping(),
 		ResinURL:                         resinURL,
 		ResinPlatformName:                resinPlatformName,
+		PromptFilterEnabled:              promptFilterCfg.Enabled,
+		PromptFilterMode:                 promptFilterCfg.Mode,
+		PromptFilterThreshold:            promptFilterCfg.Threshold,
+		PromptFilterStrictThreshold:      promptFilterCfg.StrictThreshold,
+		PromptFilterLogMatches:           promptFilterCfg.LogMatches,
+		PromptFilterMaxTextLength:        promptFilterCfg.MaxTextLength,
+		PromptFilterSensitiveWords:       promptFilterCfg.SensitiveWords,
+		PromptFilterCustomPatterns:       promptfilter.MarshalCustomPatterns(promptFilterCfg.CustomPatterns),
+		PromptFilterDisabledPatterns:     promptfilter.MarshalDisabledPatterns(promptFilterCfg.DisabledPatterns),
 	})
 }
 

admin/image_studio.go

@@ -277,6 +277,9 @@ func (h *Handler) CreateImageGenerationJob(c *gin.Context) {
 	}
 	paramsJSON, _ := json.Marshal(req)
 	keyID, keyName, keyMasked := imageJobAPIKeyMeta(apiKey)
+	if h.inspectImageStudioPromptFilter(c, proxy.AppendImageStyleToPrompt(req.Prompt, req.Style), req.Model, keyID, keyName, keyMasked) {
+		return
+	}
 	jobID, err := h.db.InsertImageGenerationJob(ctx, database.ImageGenerationJobInput{
 		Prompt:       req.Prompt,
 		ParamsJSON:   string(paramsJSON),

admin/prompt_filter.go

@@ -0,0 +1,187 @@
+package admin
+
+import (
+	"context"
+	"net/http"
+	"strconv"
+	"strings"
+	"time"
+
+	"github.com/codex2api/database"
+	"github.com/codex2api/security/promptfilter"
+	"github.com/gin-gonic/gin"
+)
+
+type promptFilterLogsResponse struct {
+	Logs     []*database.PromptFilterLog `json:"logs"`
+	Total    int                         `json:"total"`
+	Page     int                         `json:"page"`
+	PageSize int                         `json:"page_size"`
+}
+
+type promptFilterTestRequest struct {
+	Text     string `json:"text"`
+	Endpoint string `json:"endpoint"`
+	Model    string `json:"model"`
+}
+
+type promptFilterTestResponse struct {
+	Verdict promptfilter.Verdict `json:"verdict"`
+}
+
+type promptFilterRuleItem struct {
+	Name     string `json:"name"`
+	Pattern  string `json:"pattern"`
+	Weight   int    `json:"weight"`
+	Category string `json:"category,omitempty"`
+	Strict   bool   `json:"strict,omitempty"`
+	Enabled  bool   `json:"enabled"`
+	Builtin  bool   `json:"builtin"`
+}
+
+type promptFilterRulesResponse struct {
+	BuiltinPatterns  []promptFilterRuleItem       `json:"builtin_patterns"`
+	CustomPatterns   []promptfilter.PatternConfig `json:"custom_patterns"`
+	DisabledPatterns []string                     `json:"disabled_patterns"`
+}
+
+func (h *Handler) inspectImageStudioPromptFilter(c *gin.Context, text string, model string, keyID int64, keyName string, keyMasked string) bool {
+	if h == nil || h.store == nil {
+		return false
+	}
+	cfg := h.store.GetPromptFilterConfig()
+	verdict := promptfilter.InspectText(text, cfg)
+	if verdict.Action == promptfilter.ActionWarn {
+		c.Header("X-Prompt-Filter-Warning", verdict.Reason)
+		return false
+	}
+	if verdict.Action != promptfilter.ActionBlock {
+		return false
+	}
+	h.recordPromptFilterLog(c, &database.PromptFilterLogInput{
+		Source:          "local_filter",
+		Endpoint:        "/api/admin/images/jobs",
+		Model:           model,
+		Action:          verdict.Action,
+		Mode:            verdict.Mode,
+		Score:           verdict.Score,
+		Threshold:       verdict.Threshold,
+		MatchedPatterns: promptfilter.MatchesJSON(verdict.Matched),
+		TextPreview:     verdict.TextPreview,
+		APIKeyID:        keyID,
+		APIKeyName:      keyName,
+		APIKeyMasked:    keyMasked,
+		ClientIP:        c.ClientIP(),
+	})
+	writeError(c, http.StatusBadRequest, "Prompt 被检查规则拦截")
+	return true
+}
+
+func (h *Handler) recordPromptFilterLog(c *gin.Context, input *database.PromptFilterLogInput) {
+	if h == nil || h.db == nil || input == nil {
+		return
+	}
+	ctx, cancel := context.WithTimeout(context.Background(), 3*time.Second)
+	defer cancel()
+	_ = h.db.InsertPromptFilterLog(ctx, input)
+}
+
+func (h *Handler) ListPromptFilterLogs(c *gin.Context) {
+	page := positiveQueryInt(c, "page", 1)
+	pageSize := positiveQueryInt(c, "page_size", positiveQueryInt(c, "limit", 100))
+	apiKeyID := int64(0)
+	if raw := strings.TrimSpace(c.Query("api_key_id")); raw != "" {
+		if parsed, err := strconv.ParseInt(raw, 10, 64); err == nil && parsed > 0 {
+			apiKeyID = parsed
+		}
+	}
+	ctx, cancel := context.WithTimeout(c.Request.Context(), 5*time.Second)
+	defer cancel()
+	logs, total, err := h.db.ListPromptFilterLogsPage(ctx, database.PromptFilterLogQuery{
+		Page:     page,
+		PageSize: pageSize,
+		Source:   c.Query("source"),
+		Action:   c.Query("action"),
+		Endpoint: c.Query("endpoint"),
+		Model:    c.Query("model"),
+		APIKeyID: apiKeyID,
+		Query:    c.Query("q"),
+	})
+	if err != nil {
+		writeInternalError(c, err)
+		return
+	}
+	if logs == nil {
+		logs = []*database.PromptFilterLog{}
+	}
+	c.JSON(http.StatusOK, promptFilterLogsResponse{Logs: logs, Total: total, Page: page, PageSize: pageSize})
+}
+
+func (h *Handler) ClearPromptFilterLogs(c *gin.Context) {
+	ctx, cancel := context.WithTimeout(c.Request.Context(), 10*time.Second)
+	defer cancel()
+	if err := h.db.ClearPromptFilterLogs(ctx); err != nil {
+		writeInternalError(c, err)
+		return
+	}
+	writeMessage(c, http.StatusOK, "Prompt 检查日志已清空")
+}
+
+func (h *Handler) TestPromptFilter(c *gin.Context) {
+	var req promptFilterTestRequest
+	if err := c.ShouldBindJSON(&req); err != nil {
+		writeError(c, http.StatusBadRequest, "请求体无效")
+		return
+	}
+	req.Text = strings.TrimSpace(req.Text)
+	if req.Text == "" {
+		writeError(c, http.StatusBadRequest, "text 不能为空")
+		return
+	}
+	if len([]rune(req.Text)) > 20000 {
+		writeError(c, http.StatusBadRequest, "text 不能超过 20000 个字符")
+		return
+	}
+	cfg := h.store.GetPromptFilterConfig()
+	cfg.Enabled = true
+	verdict := promptfilter.InspectText(req.Text, cfg)
+	c.JSON(http.StatusOK, promptFilterTestResponse{Verdict: verdict})
+}
+
+func (h *Handler) GetPromptFilterRules(c *gin.Context) {
+	cfg := h.store.GetPromptFilterConfig()
+	disabled := map[string]bool{}
+	for _, name := range cfg.DisabledPatterns {
+		disabled[strings.ToLower(strings.TrimSpace(name))] = true
+	}
+	builtin := promptfilter.BuiltinPatternConfigs()
+	items := make([]promptFilterRuleItem, 0, len(builtin))
+	for _, pattern := range builtin {
+		items = append(items, promptFilterRuleItem{
+			Name:     pattern.Name,
+			Pattern:  pattern.Pattern,
+			Weight:   pattern.Weight,
+			Category: pattern.Category,
+			Strict:   pattern.Strict,
+			Enabled:  !disabled[strings.ToLower(strings.TrimSpace(pattern.Name))],
+			Builtin:  true,
+		})
+	}
+	c.JSON(http.StatusOK, promptFilterRulesResponse{
+		BuiltinPatterns:  items,
+		CustomPatterns:   cfg.CustomPatterns,
+		DisabledPatterns: cfg.DisabledPatterns,
+	})
+}
+
+func positiveQueryInt(c *gin.Context, key string, fallback int) int {
+	raw := strings.TrimSpace(c.Query(key))
+	if raw == "" {
+		return fallback
+	}
+	parsed, err := strconv.Atoi(raw)
+	if err != nil || parsed <= 0 {
+		return fallback
+	}
+	return parsed
+}