fix(admin): one-click clean rate-limited now clears premium 5h + usage_exhausted

CleanRateLimited used CleanByRuntimeStatus("rate_limited"), which has two
quirks designed for the auto-cleanup sweep:

  1. premium 5h rate-limited accounts are skipped — they self-recover in
     ~5h so deleting them wastes accounts
  2. only matches RuntimeStatus == "rate_limited", not "usage_exhausted"
     (Free 7d window full)

The UI's "限流" filter is broader (covers usage_exhausted + premium 5h),
so users see accounts that the one-click cleaner won't touch. Users
already worked around this by selecting all of them and running batch
delete, which goes through per-id deletion and bypasses the runtime-status
gate entirely.

Fix: new CleanRateLimitedManual that
  - matches both rate_limited AND usage_exhausted
  - does NOT skip premium 5h (manual click is an explicit user intent)
  - still skips Locked accounts
  - logs the deletion event with reason "manual_clean" instead of
    "auto_clean"

CleanByRuntimeStatus is unchanged and still serves runAutoCleanupSweep.

Author: james-6-23

admin/handler.go

@@ -5077,9 +5077,14 @@ func (h *Handler) CleanBanned(c *gin.Context) {
 	h.cleanByStatus(c, "unauthorized")
 }
 
-// CleanRateLimited 清理限流（rate_limited）账号
+// CleanRateLimited 一键清理所有限流账号（含 premium 5h、free 7d、usage_exhausted）
 func (h *Handler) CleanRateLimited(c *gin.Context) {
-	h.cleanByStatus(c, "rate_limited")
+	ctx, cancel := context.WithTimeout(c.Request.Context(), 30*time.Second)
+	defer cancel()
+
+	cleaned := h.store.CleanRateLimitedManual(ctx)
+
+	c.JSON(http.StatusOK, gin.H{"message": fmt.Sprintf("已清理 %d 个账号", cleaned), "cleaned": cleaned})
 }
 
 // CleanError 清理错误（error）账号

auth/premium_rate_limit_test.go

@@ -115,3 +115,51 @@ func TestCleanByRuntimeStatusSkipsPremium5hRateLimitedAccount(t *testing.T) {
 		t.Fatalf("AccountCount() = %d, want 1", store.AccountCount())
 	}
 }
+
+func TestCleanRateLimitedManualClearsAllRateLimitFlavors(t *testing.T) {
+	premium := newPremium5hTestAccount("plus", time.Now().Add(20*time.Minute))
+	premium.DBID = 1
+
+	// Free 7d 用尽 → RuntimeStatus = "usage_exhausted"
+	exhausted := &Account{
+		DBID:                2,
+		AccessToken:         "token-exhausted",
+		PlanType:            "free",
+		Status:              StatusReady,
+		HealthTier:          HealthTierHealthy,
+		UsagePercent7d:      100,
+		UsagePercent7dValid: true,
+		Reset7dAt:           time.Now().Add(48 * time.Hour),
+		UsageUpdatedAt:      time.Now().Add(-1 * time.Minute),
+	}
+
+	// 普通正常账号 → 不应被清理
+	healthy := &Account{
+		DBID:        3,
+		AccessToken: "token-healthy",
+		PlanType:    "plus",
+		Status:      StatusReady,
+		HealthTier:  HealthTierHealthy,
+	}
+
+	// 锁定的限流账号 → 不应被清理
+	lockedRL := newPremium5hTestAccount("plus", time.Now().Add(20*time.Minute))
+	lockedRL.DBID = 4
+	lockedRL.Locked = 1
+
+	store := &Store{accounts: []*Account{premium, exhausted, healthy, lockedRL}}
+
+	cleaned := store.CleanRateLimitedManual(context.Background())
+	if cleaned != 2 {
+		t.Fatalf("CleanRateLimitedManual() cleaned = %d, want 2 (premium + exhausted)", cleaned)
+	}
+	if store.AccountCount() != 2 {
+		t.Fatalf("AccountCount() = %d, want 2 (healthy + locked stay)", store.AccountCount())
+	}
+	if store.FindByID(3) == nil {
+		t.Fatal("healthy account should remain")
+	}
+	if store.FindByID(4) == nil {
+		t.Fatal("locked rate-limited account should remain")
+	}
+}

auth/store.go

@@ -2521,7 +2521,9 @@ func (s *Store) Stop() {
 	s.wg.Wait()
 }
 
-// CleanByRuntimeStatus 按运行时状态清理账号
+// CleanByRuntimeStatus 按运行时状态清理账号（用于自动清理流程）
+// premium 5h 限流账号会被跳过，因为它们会在 5h 内自然恢复，无需删除。
+// 手动一键清理请改用 CleanRateLimitedManual——它会清掉所有限流账号。
 func (s *Store) CleanByRuntimeStatus(ctx context.Context, targetStatus string) int {
 	accounts := s.Accounts()
 	cleaned := 0
@@ -2556,6 +2558,45 @@ func (s *Store) CleanByRuntimeStatus(ctx context.Context, targetStatus string) i
 	return cleaned
 }
 
+// CleanRateLimitedManual 清理所有"限流"含义下的账号（用于手动一键清理）。
+// 与 CleanByRuntimeStatus("rate_limited") 的区别：
+//   - 涵盖 RuntimeStatus 的全部限流相关值：rate_limited / usage_exhausted
+//   - 不跳过 premium 5h 限流：手动触发即代表用户明确意图删除
+//   - 锁定账号依然跳过（与所有清理流程一致）
+func (s *Store) CleanRateLimitedManual(ctx context.Context) int {
+	accounts := s.Accounts()
+	cleaned := 0
+
+	for _, acc := range accounts {
+		if acc == nil {
+			continue
+		}
+		status := acc.RuntimeStatus()
+		if status != "rate_limited" && status != "usage_exhausted" {
+			continue
+		}
+
+		if atomic.LoadInt32(&acc.Locked) == 1 {
+			continue
+		}
+
+		if s.db != nil {
+			if err := s.db.SoftDeleteAccount(ctx, acc.DBID); err != nil {
+				log.Printf("[账号 %d] 手动清理限流账号失败: %v", acc.DBID, err)
+				continue
+			}
+		}
+
+		s.RemoveAccount(acc.DBID)
+		cleaned++
+		if s.db != nil {
+			s.db.InsertAccountEventAsync(acc.DBID, "deleted", "manual_clean")
+		}
+	}
+
+	return cleaned
+}
+
 // ==================== 最少连接调度 ====================
 
 // Next 获取下一个可用账号（健康优先 + 低负载择优 + warm 公平调度）