feat: v2.0.0 - MiMo 完整支持、周导航、静默查询#7
Open
HaoyueQin wants to merge 30 commits into
Open
Conversation
- MiMo 平台从 Beta 升级为正式支持 - MiMo 用量明细、每日趋势图、缓存命中明细全部打通 - MiMo WebView 默认隐藏,仅登录时弹出窗口 - 7 天窗口 + 周导航(左右翻页浏览历史数据) - 悬停区域优化(整列可悬停) - 设置界面根据平台动态显示文案 - Detail API 从 GET 改为 POST - 并发防护(in_progress 标记) - 版本号升级为 v2.0.0
- MiMo 查询优化:initialization_script 替代 on_page_load,hook 前置注入 - DPAPI 凭据加密:API Key/Token 使用 Windows DPAPI 加密存储 - 持久化回调服务器:tiny_http 启动时创建一次,复用端口 - 窗口可拉伸 + 4 个预设尺寸,右下角锚定 - 离线数据缓存:localStorage 缓存余额和用量 - 安全加固:CSP、withGlobalTauri:false、域名白名单、导航限制、输入验证 - 代码架构:types.ts/utils.ts/DashboardPanel.tsx 模块拆分 - 单元测试:Vitest + 16 个测试 - 修复 MiMo 查询 panic 和 401 循环弹窗
- 修复 api-platform_ph 缓存过期后不被清除导致 detail API 持续 401 - 401 重试限制(最多 2 次登录窗口),避免反复弹窗 - 修复 provider 切换卡在'查询中'的 bug - detail 提取轮询超时从 120s 缩短到 30s
- Rust 后端模块化:lib.rs(1894行) → types.rs + config.rs + deepseek.rs + mimo.rs + tray.rs - DPAPI 凭据加密:API Key/Token 使用 Windows DPAPI 加密存储 - 持久化回调服务器:tiny_http 复用端口,消除每次调用的线程开销 - 窗口可拉伸 + 4 个预设尺寸,锚定右下角 - 安全加固:CSP、withGlobalTauri:false、域名白名单、导航限制 - 离线数据缓存:localStorage 缓存余额和用量 - 前端模块化:types.ts、utils.ts、DashboardPanel.tsx - Vitest 单元测试框架 + 16 个测试 - UI 改进:默认浅色主题、刷新按钮反馈、紧凑预设高度优化
- 默认主题改为浅色蓝色(首次安装启动即生效) - 应用首次启动时自动定位到屏幕右下角 - 免责声明补充 MiMo 平台风险说明 - 其他文档同步更新 MiMo 内容
- Tauri updater 插件集成(签名验证的自动更新) - 窗口大小/位置保存和恢复(下次启动自动恢复) - Rust 单元测试(9 个测试覆盖 config 模块) - SettingsPanel/ModelDetailPanel 提取为独立组件 - 默认浅色主题修复、首次启动窗口定位修复 - 免责声明补充 MiMo 内容
- i18n 国际化:17 种语言支持,设置页语言下拉选择器 - Windows 余额通知:notify-rust toast 通知(默认关闭,可设置阈值) - Tauri 自动更新:tauri-plugin-updater + 签名验证 - 窗口状态记忆:保存/恢复窗口大小和位置 - Rust 单元测试:9 个测试覆盖配置模块 - 代码拆分:SettingsPanel/ModelDetailPanel 独立组件 - MiMo 查询稳定性:ph 缓存清除、401 重试限制、initialization_script
- Fixed check_update date format: now shows YYYY-MM-DD instead of raw RFC3339 - Added PendingUpdate state to store update object between check and install - New install_update command with Channel progress events (Started/Progress/Finished) - Frontend: check update -> download button -> progress bar with percentage -> auto-restart - Added tauri-plugin-process for relaunch after update - Added updater:default and process:default permissions - i18n: new keys for download_update, downloading_update, update_installed (17 langs) - Regenerated signing key with tauri signer generate (no password)
- Reset downloadDone on error to prevent permanent 'installed' state - Use server-side cumulative downloaded value instead of local accumulation - Remove dead relaunch() call (NSIS auto-exits during install)
- HIGH: Fix JS injection via loginUrl in window.eval() (mimo.rs) Now uses serde_json::to_string for proper JS string escaping - HIGH: Fix JS injection via unescaped ph in fetch URL (mimo.rs) URL and reqId now use serde_json::to_string for escaping - MEDIUM: Add on_navigation guard to login-sync WebView (deepseek.rs) Restricts navigation to platform.deepseek.com only - MEDIUM: Change CORS from '*' to 'null' on localhost callback server (lib.rs) Prevents arbitrary websites from injecting fake API responses - MEDIUM: DPAPI encrypt_credential now returns Result instead of silently falling back to plaintext on failure (config.rs)
Security: - Fix method parameter JS injection in fetch_mimo_api (use serde_json::to_string) - Change poll server CORS from '*' to 'null' in detail extraction - Encrypt mimo_ph on write, decrypt on read (was stored plaintext) - Reduce sensitive data logging (raw API responses, ph tokens -> debug level) Code Quality: - Delete orphaned config_tests.rs (never compiled, duplicated inline tests) - Fix Cargo.toml version mismatch (1.2.0 -> 2.3.3) - Fix unused variable warning in parse_detail_items - Add mimo_token decrypt on read (was encrypted on write but never decrypted)
Settings Page: - Restructured into 5 categories: Account, General, Display, Notifications, About - Two-level navigation: category list -> drill-down detail with back button - Category list with icons and hover effects New Features: - Theme setting: Light / Dark / System (follow OS preference) - Currency unit: CNY/USD/MT-per-Yuan with segmented control - Theme applied immediately on change with system preference listener - Notification threshold currency symbol matches selected unit Backend: - Added theme and currency_unit to StoredConfig and AppConfig - Added save_theme and save_currency_unit commands - DPAPI encrypt/decrypt for mimo_ph - Reduced sensitive data logging to debug level Code Quality: - Deleted orphaned config_tests.rs - Fixed Cargo.toml version mismatch - Fixed method parameter JS injection - Fixed CORS wildcard in poll server
Settings Page: - Accordion-style category navigation (Account, General, Display, Notifications, About) - CSS Grid animation for smooth expand/collapse - Categories expand inline, pushing other categories down New Settings: - Currency: CNY/USD with real-time exchange rate (open.er-api.com, 24h cache) - Efficiency unit: MT/¥ vs ¥/MT (or MT/$ vs $/MT) - Theme: Light/Dark/System with system preference listener - Notification threshold currency symbol matches selected unit Backend: - save_currency, save_efficiency_unit, save_theme commands - StoredConfig + AppConfig: theme, currency, efficiency_unit fields - Exchange rate cached in localStorage with v2 key Frontend: - currency + exchangeRate props threaded through all components - fmtMoney accepts currency and rate parameters - All money display respects currency setting
- Fix exchange rate: n / rate -> n * rate (API returns USD per CNY, e.g. 0.1469) - Update cache key to dsm-exrate-v2 (old inverted cache auto-discarded) - Fix sanity check: rate > 1 -> rate > 0 (0.1469 < 1 would be rejected) - Accordion animation: max-height -> CSS Grid grid-template-rows for smoother transition - README updated with v2.3.3, v2.3.4, v2.4.0 changelogs
- 所有分段按钮改为内联样式按钮组或下拉框,移除死代码 .segmented CSS - 刷新间隔和通知冷却支持下拉框 + 自定义输入 - 修复 export_config_json/import_config_json 未注册到 invoke_handler - 修复 CSS var(--text) 未定义、默认汇率 7.25→0.137 - 通知冷却预设增加 30 分钟,自定义状态从配置初始化 - 清理 main.tsx/SettingsPanel 中未使用的 imports 和变量 - 更新 README 项目结构和更新日志
- f64→u64 溢出防护 (deepseek.rs:482): 添加 .max(0.0).min(u64::MAX) - unsafe 块 SAFETY 注释 (config.rs): 6 个 unsafe 块全部添加 SAFETY 注释 - 敏感数据日志降级 (mimo.rs): API 响应内容从 info! 降为 debug! - 静默解析失败添加 warn! 日志 (mimo.rs) - UA 字符串提取为 USER_AGENT 常量 (deepseek.rs) - 魔术数字提取为命名常量: REQUEST_TIMEOUT_SECS, POLL_TIMEOUT_SECS, LOG_TRUNCATE_LEN - mimoDefaultModels 提取为模块级常量 MIMO_DEFAULT_MODELS (DashboardPanel.tsx) - 提取 fetchWithCache 工具函数消除重复缓存逻辑 (utils.ts/main.tsx) - lowBalanceThreshold 服务端验证: is_finite() + >= 0 (lib.rs)
- f64→u64 溢出防护、unsafe SAFETY 注释、敏感数据日志降级 - UA 常量、魔术数字常量、fetchWithCache 工具函数 - lowBalanceThreshold 服务端验证 - 更新 README 更新日志和版本号
- 设置页字体/玻璃透明度独立调优 - 新增更新日志查看器(marked渲染、分页全量加载、折叠展开) - MiMo 区域颜色改为小米品牌橙色 #FF6900 - 手风琴动画优化(0.35s,overflow hidden) - 下载进度条修复(消除30%跳动) - 缓存命中明细右上角+tooltip新增效率指标和每日命中率 - Bug修复:自定义刷新间隔不再重置、MimoDetailCache空缓存修正、Mutex双检锁优化、复用CallbackServer去线程泄漏、title_watcher超时缩短 - i18n精简为zh/en双语,语言下拉Portal渲染防裁剪 - 代码质量:提取公用函数、去动态import、modelIcon支持MiMo、:not()改白名单、detail-bar-column合并
- 标题下方显示平均命中率和平均单价 - 每日柱状图tooltip新增缓存命中率和平均单价 - 主页面tooltip「单价」统一改为「平均单价」
- DeepSeek用量回退组件内invoke,修复生产环境数据加载失败 - CSP connect-src新增open.er-api.com,汇率API不再被拦截 - 回调服务器start改为io::Result,消除expect/panic - main.tsx import清理,initLang调用顺序修正 - README i18n描述同步更新为zh/en双语
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
v2.0.0 - MiMo 完整支持、周导航、静默查询
MiMo 平台完整支持
on_page_loadhook 自动拦截 SPA 的 detail API 请求,提取api-platform_ph参数mimo-auth-required事件通知前端图表增强
设置界面
技术改进
MimoDetailCache缓存 detail 提取结果(5 分钟 TTL),避免重复慢查询in_progress并发防护标记,防止多个 detail 提取同时运行导致 cascade构建
DeepSeekMonitorWindows_2.0.0_x64-setup.exe(已发布 Release)