Merge pull request #1463 from touwaeriol/feat/remove-sora

revert: completely remove Sora platform

Merge pull request #1463 from touwaeriol/feat/remove-sora
revert: completely remove Sora platform
d757df8a · Wesley Liddick · GitHub · f585a15e · 19655a15 · d757df8a
Unverified Commit d757df8a authored Apr 05, 2026 by Wesley Liddick Committed by GitHub Apr 05, 2026
--- a/backend/internal/server/middleware/security_headers.go
+++ b/backend/internal/server/middleware/security_headers.go
@@ -94,7 +94,6 @@ func isAPIRoutePath(c *gin.Context) bool {
 	return strings.HasPrefix(path, "/v1/") ||
 		strings.HasPrefix(path, "/v1beta/") ||
 		strings.HasPrefix(path, "/antigravity/") ||
-		strings.HasPrefix(path, "/sora/") ||
 		strings.HasPrefix(path, "/responses")
 }

--- a/backend/internal/server/router.go
+++ b/backend/internal/server/router.go
@@ -109,7 +109,6 @@ func registerRoutes(
 	// 注册各模块路由
 	routes.RegisterAuthRoutes(v1, h, jwtAuth, redisClient, settingService)
 	routes.RegisterUserRoutes(v1, h, jwtAuth, settingService)
-	routes.RegisterSoraClientRoutes(v1, h, jwtAuth, settingService)
 	routes.RegisterAdminRoutes(v1, h, adminAuth)
 	routes.RegisterGatewayRoutes(r, h, apiKeyAuth, apiKeyService, subscriptionService, opsService, settingService, cfg)
 }
--- a/backend/internal/server/routes/admin.go
+++ b/backend/internal/server/routes/admin.go
@@ -34,8 +34,6 @@ func RegisterAdminRoutes(
 		// OpenAI OAuth
 		registerOpenAIOAuthRoutes(admin, h)
-		// Sora OAuth（实现复用 OpenAI OAuth 服务，入口独立）
-		registerSoraOAuthRoutes(admin, h)
 		// Gemini OAuth
 		registerGeminiOAuthRoutes(admin, h)
@@ -321,19 +319,6 @@ func registerOpenAIOAuthRoutes(admin *gin.RouterGroup, h *handler.Handlers) {
 	}
 }
-func registerSoraOAuthRoutes(admin *gin.RouterGroup, h *handler.Handlers) {
-	sora := admin.Group("/sora")
-	{
-		sora.POST("/generate-auth-url", h.Admin.OpenAIOAuth.GenerateAuthURL)
-		sora.POST("/exchange-code", h.Admin.OpenAIOAuth.ExchangeCode)
-		sora.POST("/refresh-token", h.Admin.OpenAIOAuth.RefreshToken)
-		sora.POST("/st2at", h.Admin.OpenAIOAuth.ExchangeSoraSessionToken)
-		sora.POST("/rt2at", h.Admin.OpenAIOAuth.RefreshToken)
-		sora.POST("/accounts/:id/refresh", h.Admin.OpenAIOAuth.RefreshAccountToken)
-		sora.POST("/create-from-oauth", h.Admin.OpenAIOAuth.CreateAccountFromOAuth)
-	}
-}
 func registerGeminiOAuthRoutes(admin *gin.RouterGroup, h *handler.Handlers) {
 	gemini := admin.Group("/gemini")
 	{
@@ -422,15 +407,6 @@ func registerSettingsRoutes(admin *gin.RouterGroup, h *handler.Handlers) {
 		// Beta 策略配置
 		adminSettings.GET("/beta-policy", h.Admin.Setting.GetBetaPolicySettings)
 		adminSettings.PUT("/beta-policy", h.Admin.Setting.UpdateBetaPolicySettings)
-		// Sora S3 存储配置
-		adminSettings.GET("/sora-s3", h.Admin.Setting.GetSoraS3Settings)
-		adminSettings.PUT("/sora-s3", h.Admin.Setting.UpdateSoraS3Settings)
-		adminSettings.POST("/sora-s3/test", h.Admin.Setting.TestSoraS3Connection)
-		adminSettings.GET("/sora-s3/profiles", h.Admin.Setting.ListSoraS3Profiles)
-		adminSettings.POST("/sora-s3/profiles", h.Admin.Setting.CreateSoraS3Profile)
-		adminSettings.PUT("/sora-s3/profiles/:profile_id", h.Admin.Setting.UpdateSoraS3Profile)
-		adminSettings.DELETE("/sora-s3/profiles/:profile_id", h.Admin.Setting.DeleteSoraS3Profile)
-		adminSettings.POST("/sora-s3/profiles/:profile_id/activate", h.Admin.Setting.SetActiveSoraS3Profile)
 	}
 }

--- a/backend/internal/server/routes/gateway.go
+++ b/backend/internal/server/routes/gateway.go
@@ -23,11 +23,6 @@ func RegisterGatewayRoutes(
 	cfg *config.Config,
 ) {
 	bodyLimit := middleware.RequestBodyLimit(cfg.Gateway.MaxBodySize)
-	soraMaxBodySize := cfg.Gateway.SoraMaxBodySize
-	if soraMaxBodySize <= 0 {
-		soraMaxBodySize = cfg.Gateway.MaxBodySize
-	}
-	soraBodyLimit := middleware.RequestBodyLimit(soraMaxBodySize)
 	clientRequestID := middleware.ClientRequestID()
 	opsErrorLogger := handler.OpsErrorLoggerMiddleware(opsService)
 	endpointNorm := handler.InboundEndpointMiddleware()
@@ -163,28 +158,6 @@ func RegisterGatewayRoutes(
 		antigravityV1Beta.POST("/models/*modelAction", h.Gateway.GeminiV1BetaModels)
 	}
-	// Sora 专用路由（强制使用 sora 平台）
-	soraV1 := r.Group("/sora/v1")
-	soraV1.Use(soraBodyLimit)
-	soraV1.Use(clientRequestID)
-	soraV1.Use(opsErrorLogger)
-	soraV1.Use(endpointNorm)
-	soraV1.Use(middleware.ForcePlatform(service.PlatformSora))
-	soraV1.Use(gin.HandlerFunc(apiKeyAuth))
-	soraV1.Use(requireGroupAnthropic)
-	{
-		soraV1.POST("/chat/completions", h.SoraGateway.ChatCompletions)
-		soraV1.GET("/models", h.Gateway.Models)
-	}
-	// Sora 媒体代理（可选 API Key 验证）
-	if cfg.Gateway.SoraMediaRequireAPIKey {
-		r.GET("/sora/media/*filepath", gin.HandlerFunc(apiKeyAuth), h.SoraGateway.MediaProxy)
-	} else {
-		r.GET("/sora/media/*filepath", h.SoraGateway.MediaProxy)
-	}
-	// Sora 媒体代理（签名 URL，无需 API Key）
-	r.GET("/sora/media-signed/*filepath", h.SoraGateway.MediaProxySigned)
 }
 // getGroupPlatform extracts the group platform from the API Key stored in context.

--- a/backend/internal/server/routes/gateway_test.go
+++ b/backend/internal/server/routes/gateway_test.go
@@ -22,7 +22,6 @@ func newGatewayRoutesTestRouter() *gin.Engine {
 		&handler.Handlers{
 			Gateway:       &handler.GatewayHandler{},
 			OpenAIGateway: &handler.OpenAIGatewayHandler{},
-			SoraGateway:   &handler.SoraGatewayHandler{},
 		},
 		servermiddleware.APIKeyAuthMiddleware(func(c *gin.Context) {
 			c.Next()

--- a/backend/internal/server/routes/sora_client.go
+++ b/backend/internal/server/routes/sora_client.go
-package routes
-import (
-	"github.com/Wei-Shaw/sub2api/internal/handler"
-	"github.com/Wei-Shaw/sub2api/internal/server/middleware"
-	"github.com/Wei-Shaw/sub2api/internal/service"
-	"github.com/gin-gonic/gin"
-)
-// RegisterSoraClientRoutes 注册 Sora 客户端 API 路由（需要用户认证）。
-func RegisterSoraClientRoutes(
-	v1 *gin.RouterGroup,
-	h *handler.Handlers,
-	jwtAuth middleware.JWTAuthMiddleware,
-	settingService *service.SettingService,
-) {
-	if h.SoraClient == nil {
-		return
-	}
-	authenticated := v1.Group("/sora")
-	authenticated.Use(gin.HandlerFunc(jwtAuth))
-	authenticated.Use(middleware.BackendModeUserGuard(settingService))
-	{
-		authenticated.POST("/generate", h.SoraClient.Generate)
-		authenticated.GET("/generations", h.SoraClient.ListGenerations)
-		authenticated.GET("/generations/:id", h.SoraClient.GetGeneration)
-		authenticated.DELETE("/generations/:id", h.SoraClient.DeleteGeneration)
-		authenticated.POST("/generations/:id/cancel", h.SoraClient.CancelGeneration)
-		authenticated.POST("/generations/:id/save", h.SoraClient.SaveToStorage)
-		authenticated.GET("/quota", h.SoraClient.GetQuota)
-		authenticated.GET("/models", h.SoraClient.GetModels)
-		authenticated.GET("/storage-status", h.SoraClient.GetStorageStatus)
-	}
-}
--- a/backend/internal/service/account_service.go
+++ b/backend/internal/service/account_service.go
@@ -28,8 +28,7 @@ type AccountRepository interface {
 	// GetByCRSAccountID finds an account previously synced from CRS.
 	// Returns (nil, nil) if not found.
 	GetByCRSAccountID(ctx context.Context, crsAccountID string) (*Account, error)
-	// FindByExtraField 根据 extra 字段中的键值对查找账号（限定 platform='sora'）
+	// FindByExtraField 根据 extra 字段中的键值对查找账号
-	// 用于查找通过 linked_openai_account_id 关联的 Sora 账号
 	FindByExtraField(ctx context.Context, key string, value any) ([]Account, error)
 	// ListCRSAccountIDs returns a map of crs_account_id -> local account ID
 	// for all accounts that have been synced from CRS.

--- a/backend/internal/service/account_test_service.go
+++ b/backend/internal/service/account_test_service.go
@@ -13,18 +13,14 @@ import (
 	"log"
 	"net/http"
 	"net/http/httptest"
-	"net/url"
 	"regexp"
 	"strings"
-	"sync"
 	"time"
 	"github.com/Wei-Shaw/sub2api/internal/config"
 	"github.com/Wei-Shaw/sub2api/internal/pkg/claude"
 	"github.com/Wei-Shaw/sub2api/internal/pkg/geminicli"
 	"github.com/Wei-Shaw/sub2api/internal/pkg/openai"
-	"github.com/Wei-Shaw/sub2api/internal/pkg/tlsfingerprint"
-	"github.com/Wei-Shaw/sub2api/internal/util/soraerror"
 	"github.com/Wei-Shaw/sub2api/internal/util/urlvalidator"
 	"github.com/gin-gonic/gin"
 	"github.com/google/uuid"
@@ -37,11 +33,6 @@ var sseDataPrefix = regexp.MustCompile(`^data:\s*`)
 const (
 	testClaudeAPIURL   = "https://api.anthropic.com/v1/messages?beta=true"
 	chatgptCodexAPIURL = "https://chatgpt.com/backend-api/codex/responses"
-	soraMeAPIURL       = "https://sora.chatgpt.com/backend/me" // Sora 用户信息接口，用于测试连接
-	soraBillingAPIURL  = "https://sora.chatgpt.com/backend/billing/subscriptions"
-	soraInviteMineURL  = "https://sora.chatgpt.com/backend/project_y/invite/mine"
-	soraBootstrapURL   = "https://sora.chatgpt.com/backend/m/bootstrap"
-	soraRemainingURL   = "https://sora.chatgpt.com/backend/nf/check"
 )
 // TestEvent represents a SSE event for account testing
@@ -71,13 +62,8 @@ type AccountTestService struct {
 	httpUpstream              HTTPUpstream
 	cfg                       *config.Config
 	tlsFPProfileService       *TLSFingerprintProfileService
-	soraTestGuardMu           sync.Mutex
-	soraTestLastRun           map[int64]time.Time
-	soraTestCooldown          time.Duration
 }
-const defaultSoraTestCooldown = 10 * time.Second
 // NewAccountTestService creates a new AccountTestService
 func NewAccountTestService(
 	accountRepo AccountRepository,
@@ -94,8 +80,6 @@ func NewAccountTestService(
 		httpUpstream:              httpUpstream,
 		cfg:                       cfg,
 		tlsFPProfileService:       tlsFPProfileService,
-		soraTestLastRun:           make(map[int64]time.Time),
-		soraTestCooldown:          defaultSoraTestCooldown,
 	}
 }
@@ -197,10 +181,6 @@ func (s *AccountTestService) TestAccountConnection(c *gin.Context, accountID int
 		return s.routeAntigravityTest(c, account, modelID, prompt)
 	}
-	if account.Platform == PlatformSora {
-		return s.testSoraAccountConnection(c, account)
-	}
 	return s.testClaudeAccountConnection(c, account, modelID)
 }
@@ -634,698 +614,6 @@ func (s *AccountTestService) testGeminiAccountConnection(c *gin.Context, account
 	return s.processGeminiStream(c, resp.Body)
 }
-type soraProbeStep struct {
-	Name       string `json:"name"`
-	Status     string `json:"status"`
-	HTTPStatus int    `json:"http_status,omitempty"`
-	ErrorCode  string `json:"error_code,omitempty"`
-	Message    string `json:"message,omitempty"`
-}
-type soraProbeSummary struct {
-	Status string          `json:"status"`
-	Steps  []soraProbeStep `json:"steps"`
-}
-type soraProbeRecorder struct {
-	steps []soraProbeStep
-}
-func (r *soraProbeRecorder) addStep(name, status string, httpStatus int, errorCode, message string) {
-	r.steps = append(r.steps, soraProbeStep{
-		Name:       name,
-		Status:     status,
-		HTTPStatus: httpStatus,
-		ErrorCode:  strings.TrimSpace(errorCode),
-		Message:    strings.TrimSpace(message),
-	})
-}
-func (r *soraProbeRecorder) finalize() soraProbeSummary {
-	meSuccess := false
-	partial := false
-	for _, step := range r.steps {
-		if step.Name == "me" {
-			meSuccess = strings.EqualFold(step.Status, "success")
-			continue
-		}
-		if strings.EqualFold(step.Status, "failed") {
-			partial = true
-		}
-	}
-	status := "success"
-	if !meSuccess {
-		status = "failed"
-	} else if partial {
-		status = "partial_success"
-	}
-	return soraProbeSummary{
-		Status: status,
-		Steps:  append([]soraProbeStep(nil), r.steps...),
-	}
-}
-func (s *AccountTestService) emitSoraProbeSummary(c *gin.Context, rec *soraProbeRecorder) {
-	if rec == nil {
-		return
-	}
-	summary := rec.finalize()
-	code := ""
-	for _, step := range summary.Steps {
-		if strings.EqualFold(step.Status, "failed") && strings.TrimSpace(step.ErrorCode) != "" {
-			code = step.ErrorCode
-			break
-		}
-	}
-	s.sendEvent(c, TestEvent{
-		Type:   "sora_test_result",
-		Status: summary.Status,
-		Code:   code,
-		Data:   summary,
-	})
-}
-func (s *AccountTestService) acquireSoraTestPermit(accountID int64) (time.Duration, bool) {
-	if accountID <= 0 {
-		return 0, true
-	}
-	s.soraTestGuardMu.Lock()
-	defer s.soraTestGuardMu.Unlock()
-	if s.soraTestLastRun == nil {
-		s.soraTestLastRun = make(map[int64]time.Time)
-	}
-	cooldown := s.soraTestCooldown
-	if cooldown <= 0 {
-		cooldown = defaultSoraTestCooldown
-	}
-	now := time.Now()
-	if lastRun, ok := s.soraTestLastRun[accountID]; ok {
-		elapsed := now.Sub(lastRun)
-		if elapsed < cooldown {
-			return cooldown - elapsed, false
-		}
-	}
-	s.soraTestLastRun[accountID] = now
-	return 0, true
-}
-func ceilSeconds(d time.Duration) int {
-	if d <= 0 {
-		return 1
-	}
-	sec := int(d / time.Second)
-	if d%time.Second != 0 {
-		sec++
-	}
-	if sec < 1 {
-		sec = 1
-	}
-	return sec
-}
-// testSoraAPIKeyAccountConnection 测试 Sora apikey 类型账号的连通性。
-// 向上游 base_url 发送轻量级 prompt-enhance 请求验证连通性和 API Key 有效性。
-func (s *AccountTestService) testSoraAPIKeyAccountConnection(c *gin.Context, account *Account) error {
-	ctx := c.Request.Context()
-	apiKey := account.GetCredential("api_key")
-	if apiKey == "" {
-		return s.sendErrorAndEnd(c, "Sora apikey 账号缺少 api_key 凭证")
-	}
-	baseURL := account.GetBaseURL()
-	if baseURL == "" {
-		return s.sendErrorAndEnd(c, "Sora apikey 账号缺少 base_url")
-	}
-	// 验证 base_url 格式
-	normalizedBaseURL, err := s.validateUpstreamBaseURL(baseURL)
-	if err != nil {
-		return s.sendErrorAndEnd(c, fmt.Sprintf("base_url 无效: %s", err.Error()))
-	}
-	upstreamURL := strings.TrimSuffix(normalizedBaseURL, "/") + "/sora/v1/chat/completions"
-	// 设置 SSE 头
-	c.Writer.Header().Set("Content-Type", "text/event-stream")
-	c.Writer.Header().Set("Cache-Control", "no-cache")
-	c.Writer.Header().Set("Connection", "keep-alive")
-	c.Writer.Header().Set("X-Accel-Buffering", "no")
-	c.Writer.Flush()
-	if wait, ok := s.acquireSoraTestPermit(account.ID); !ok {
-		msg := fmt.Sprintf("Sora 账号测试过于频繁，请 %d 秒后重试", ceilSeconds(wait))
-		return s.sendErrorAndEnd(c, msg)
-	}
-	s.sendEvent(c, TestEvent{Type: "test_start", Model: "sora-upstream"})
-	// 构建轻量级 prompt-enhance 请求作为连通性测试
-	testPayload := map[string]any{
-		"model":    "prompt-enhance-short-10s",
-		"messages": []map[string]string{{"role": "user", "content": "test"}},
-		"stream":   false,
-	}
-	payloadBytes, _ := json.Marshal(testPayload)
-	req, err := http.NewRequestWithContext(ctx, http.MethodPost, upstreamURL, bytes.NewReader(payloadBytes))
-	if err != nil {
-		return s.sendErrorAndEnd(c, "构建测试请求失败")
-	}
-	req.Header.Set("Content-Type", "application/json")
-	req.Header.Set("Authorization", "Bearer "+apiKey)
-	// 获取代理 URL
-	proxyURL := ""
-	if account.ProxyID != nil && account.Proxy != nil {
-		proxyURL = account.Proxy.URL()
-	}
-	resp, err := s.httpUpstream.Do(req, proxyURL, account.ID, account.Concurrency)
-	if err != nil {
-		return s.sendErrorAndEnd(c, fmt.Sprintf("上游连接失败: %s", err.Error()))
-	}
-	defer func() { _ = resp.Body.Close() }()
-	respBody, _ := io.ReadAll(io.LimitReader(resp.Body, 64*1024))
-	if resp.StatusCode == http.StatusOK {
-		s.sendEvent(c, TestEvent{Type: "content", Text: fmt.Sprintf("上游连接成功 (%s)", upstreamURL)})
-		s.sendEvent(c, TestEvent{Type: "content", Text: fmt.Sprintf("API Key 有效 (HTTP %d)", resp.StatusCode)})
-		s.sendEvent(c, TestEvent{Type: "test_complete", Success: true})
-		return nil
-	}
-	if resp.StatusCode == http.StatusUnauthorized || resp.StatusCode == http.StatusForbidden {
-		return s.sendErrorAndEnd(c, fmt.Sprintf("上游认证失败 (HTTP %d)，请检查 API Key 是否正确", resp.StatusCode))
-	}
-	// 其他错误但能连通（如 400 参数错误）也算连通性测试通过
-	if resp.StatusCode == http.StatusBadRequest {
-		s.sendEvent(c, TestEvent{Type: "content", Text: fmt.Sprintf("上游连接成功 (%s)", upstreamURL)})
-		s.sendEvent(c, TestEvent{Type: "content", Text: fmt.Sprintf("API Key 有效（上游返回 %d，参数校验错误属正常）", resp.StatusCode)})
-		s.sendEvent(c, TestEvent{Type: "test_complete", Success: true})
-		return nil
-	}
-	return s.sendErrorAndEnd(c, fmt.Sprintf("上游返回异常 HTTP %d: %s", resp.StatusCode, truncateSoraErrorBody(respBody, 256)))
-}
-// testSoraAccountConnection 测试 Sora 账号的连接
-// OAuth 类型：调用 /backend/me 接口验证 access_token 有效性
-// APIKey 类型：向上游 base_url 发送轻量级 prompt-enhance 请求验证连通性
-func (s *AccountTestService) testSoraAccountConnection(c *gin.Context, account *Account) error {
-	// apikey 类型走独立测试流程
-	if account.Type == AccountTypeAPIKey {
-		return s.testSoraAPIKeyAccountConnection(c, account)
-	}
-	ctx := c.Request.Context()
-	recorder := &soraProbeRecorder{}
-	authToken := account.GetCredential("access_token")
-	if authToken == "" {
-		recorder.addStep("me", "failed", http.StatusUnauthorized, "missing_access_token", "No access token available")
-		s.emitSoraProbeSummary(c, recorder)
-		return s.sendErrorAndEnd(c, "No access token available")
-	}
-	// Set SSE headers
-	c.Writer.Header().Set("Content-Type", "text/event-stream")
-	c.Writer.Header().Set("Cache-Control", "no-cache")
-	c.Writer.Header().Set("Connection", "keep-alive")
-	c.Writer.Header().Set("X-Accel-Buffering", "no")
-	c.Writer.Flush()
-	if wait, ok := s.acquireSoraTestPermit(account.ID); !ok {
-		msg := fmt.Sprintf("Sora 账号测试过于频繁，请 %d 秒后重试", ceilSeconds(wait))
-		recorder.addStep("rate_limit", "failed", http.StatusTooManyRequests, "test_rate_limited", msg)
-		s.emitSoraProbeSummary(c, recorder)
-		return s.sendErrorAndEnd(c, msg)
-	}
-	// Send test_start event
-	s.sendEvent(c, TestEvent{Type: "test_start", Model: "sora"})
-	req, err := http.NewRequestWithContext(ctx, "GET", soraMeAPIURL, nil)
-	if err != nil {
-		recorder.addStep("me", "failed", 0, "request_build_failed", err.Error())
-		s.emitSoraProbeSummary(c, recorder)
-		return s.sendErrorAndEnd(c, "Failed to create request")
-	}
-	// 使用 Sora 客户端标准请求头
-	req.Header.Set("Authorization", "Bearer "+authToken)
-	req.Header.Set("User-Agent", "Sora/1.2026.007 (Android 15; 24122RKC7C; build 2600700)")
-	req.Header.Set("Accept", "application/json")
-	req.Header.Set("Accept-Language", "en-US,en;q=0.9")
-	req.Header.Set("Origin", "https://sora.chatgpt.com")
-	req.Header.Set("Referer", "https://sora.chatgpt.com/")
-	// Get proxy URL
-	proxyURL := ""
-	if account.ProxyID != nil && account.Proxy != nil {
-		proxyURL = account.Proxy.URL()
-	}
-	soraTLSProfile := s.resolveSoraTLSProfile()
-	resp, err := s.httpUpstream.DoWithTLS(req, proxyURL, account.ID, account.Concurrency, soraTLSProfile)
-	if err != nil {
-		recorder.addStep("me", "failed", 0, "network_error", err.Error())
-		s.emitSoraProbeSummary(c, recorder)
-		return s.sendErrorAndEnd(c, fmt.Sprintf("Request failed: %s", err.Error()))
-	}
-	defer func() { _ = resp.Body.Close() }()
-	body, _ := io.ReadAll(resp.Body)
-	if resp.StatusCode != http.StatusOK {
-		if isCloudflareChallengeResponse(resp.StatusCode, resp.Header, body) {
-			recorder.addStep("me", "failed", resp.StatusCode, "cf_challenge", "Cloudflare challenge detected")
-			s.emitSoraProbeSummary(c, recorder)
-			s.logSoraCloudflareChallenge(account, proxyURL, soraMeAPIURL, resp.Header, body)
-			return s.sendErrorAndEnd(c, formatCloudflareChallengeMessage(fmt.Sprintf("Sora request blocked by Cloudflare challenge (HTTP %d). Please switch to a clean proxy/network and retry.", resp.StatusCode), resp.Header, body))
-		}
-		upstreamCode, upstreamMessage := soraerror.ExtractUpstreamErrorCodeAndMessage(body)
-		switch {
-		case resp.StatusCode == http.StatusUnauthorized && strings.EqualFold(upstreamCode, "token_invalidated"):
-			recorder.addStep("me", "failed", resp.StatusCode, "token_invalidated", "Sora token invalidated")
-			s.emitSoraProbeSummary(c, recorder)
-			return s.sendErrorAndEnd(c, "Sora token 已失效（token_invalidated），请重新授权账号")
-		case strings.EqualFold(upstreamCode, "unsupported_country_code"):
-			recorder.addStep("me", "failed", resp.StatusCode, "unsupported_country_code", "Sora is unavailable in current egress region")
-			s.emitSoraProbeSummary(c, recorder)
-			return s.sendErrorAndEnd(c, "Sora 在当前网络出口地区不可用（unsupported_country_code），请切换到支持地区后重试")
-		case strings.TrimSpace(upstreamMessage) != "":
-			recorder.addStep("me", "failed", resp.StatusCode, upstreamCode, upstreamMessage)
-			s.emitSoraProbeSummary(c, recorder)
-			return s.sendErrorAndEnd(c, fmt.Sprintf("Sora API returned %d: %s", resp.StatusCode, upstreamMessage))
-		default:
-			recorder.addStep("me", "failed", resp.StatusCode, upstreamCode, "Sora me endpoint failed")
-			s.emitSoraProbeSummary(c, recorder)
-			return s.sendErrorAndEnd(c, fmt.Sprintf("Sora API returned %d: %s", resp.StatusCode, truncateSoraErrorBody(body, 512)))
-		}
-	}
-	recorder.addStep("me", "success", resp.StatusCode, "", "me endpoint ok")
-	// 解析 /me 响应，提取用户信息
-	var meResp map[string]any
-	if err := json.Unmarshal(body, &meResp); err != nil {
-		// 能收到 200 就说明 token 有效
-		s.sendEvent(c, TestEvent{Type: "content", Text: "Sora connection OK (token valid)"})
-	} else {
-		// 尝试提取用户名或邮箱信息
-		info := "Sora connection OK"
-		if name, ok := meResp["name"].(string); ok && name != "" {
-			info = fmt.Sprintf("Sora connection OK - User: %s", name)
-		} else if email, ok := meResp["email"].(string); ok && email != "" {
-			info = fmt.Sprintf("Sora connection OK - Email: %s", email)
-		}
-		s.sendEvent(c, TestEvent{Type: "content", Text: info})
-	}
-	// 追加轻量能力检查：订阅信息查询（失败仅告警，不中断连接测试）
-	subReq, err := http.NewRequestWithContext(ctx, "GET", soraBillingAPIURL, nil)
-	if err == nil {
-		subReq.Header.Set("Authorization", "Bearer "+authToken)
-		subReq.Header.Set("User-Agent", "Sora/1.2026.007 (Android 15; 24122RKC7C; build 2600700)")
-		subReq.Header.Set("Accept", "application/json")
-		subReq.Header.Set("Accept-Language", "en-US,en;q=0.9")
-		subReq.Header.Set("Origin", "https://sora.chatgpt.com")
-		subReq.Header.Set("Referer", "https://sora.chatgpt.com/")
-		subResp, subErr := s.httpUpstream.DoWithTLS(subReq, proxyURL, account.ID, account.Concurrency, soraTLSProfile)
-		if subErr != nil {
-			recorder.addStep("subscription", "failed", 0, "network_error", subErr.Error())
-			s.sendEvent(c, TestEvent{Type: "content", Text: fmt.Sprintf("Subscription check skipped: %s", subErr.Error())})
-		} else {
-			subBody, _ := io.ReadAll(subResp.Body)
-			_ = subResp.Body.Close()
-			if subResp.StatusCode == http.StatusOK {
-				recorder.addStep("subscription", "success", subResp.StatusCode, "", "subscription endpoint ok")
-				if summary := parseSoraSubscriptionSummary(subBody); summary != "" {
-					s.sendEvent(c, TestEvent{Type: "content", Text: summary})
-				} else {
-					s.sendEvent(c, TestEvent{Type: "content", Text: "Subscription check OK"})
-				}
-			} else {
-				if isCloudflareChallengeResponse(subResp.StatusCode, subResp.Header, subBody) {
-					recorder.addStep("subscription", "failed", subResp.StatusCode, "cf_challenge", "Cloudflare challenge detected")
-					s.logSoraCloudflareChallenge(account, proxyURL, soraBillingAPIURL, subResp.Header, subBody)
-					s.sendEvent(c, TestEvent{Type: "content", Text: formatCloudflareChallengeMessage(fmt.Sprintf("Subscription check blocked by Cloudflare challenge (HTTP %d)", subResp.StatusCode), subResp.Header, subBody)})
-				} else {
-					upstreamCode, upstreamMessage := soraerror.ExtractUpstreamErrorCodeAndMessage(subBody)
-					recorder.addStep("subscription", "failed", subResp.StatusCode, upstreamCode, upstreamMessage)
-					s.sendEvent(c, TestEvent{Type: "content", Text: fmt.Sprintf("Subscription check returned %d", subResp.StatusCode)})
-				}
-			}
-		}
-	}
-	// 追加 Sora2 能力探测（对齐 sora2api 的测试思路）：邀请码 + 剩余额度。
-	s.testSora2Capabilities(c, ctx, account, authToken, proxyURL, soraTLSProfile, recorder)
-	s.emitSoraProbeSummary(c, recorder)
-	s.sendEvent(c, TestEvent{Type: "test_complete", Success: true})
-	return nil
-}
-func (s *AccountTestService) testSora2Capabilities(
-	c *gin.Context,
-	ctx context.Context,
-	account *Account,
-	authToken string,
-	proxyURL string,
-	tlsProfile *tlsfingerprint.Profile,
-	recorder *soraProbeRecorder,
-) {
-	inviteStatus, inviteHeader, inviteBody, err := s.fetchSoraTestEndpoint(
-		ctx,
-		account,
-		authToken,
-		soraInviteMineURL,
-		proxyURL,
-		tlsProfile,
-	)
-	if err != nil {
-		if recorder != nil {
-			recorder.addStep("sora2_invite", "failed", 0, "network_error", err.Error())
-		}
-		s.sendEvent(c, TestEvent{Type: "content", Text: fmt.Sprintf("Sora2 invite check skipped: %s", err.Error())})
-		return
-	}
-	if inviteStatus == http.StatusUnauthorized {
-		bootstrapStatus, _, _, bootstrapErr := s.fetchSoraTestEndpoint(
-			ctx,
-			account,
-			authToken,
-			soraBootstrapURL,
-			proxyURL,
-			tlsProfile,
-		)
-		if bootstrapErr == nil && bootstrapStatus == http.StatusOK {
-			if recorder != nil {
-				recorder.addStep("sora2_bootstrap", "success", bootstrapStatus, "", "bootstrap endpoint ok")
-			}
-			s.sendEvent(c, TestEvent{Type: "content", Text: "Sora2 bootstrap OK, retry invite check"})
-			inviteStatus, inviteHeader, inviteBody, err = s.fetchSoraTestEndpoint(
-				ctx,
-				account,
-				authToken,
-				soraInviteMineURL,
-				proxyURL,
-				tlsProfile,
-			)
-			if err != nil {
-				if recorder != nil {
-					recorder.addStep("sora2_invite", "failed", 0, "network_error", err.Error())
-				}
-				s.sendEvent(c, TestEvent{Type: "content", Text: fmt.Sprintf("Sora2 invite retry failed: %s", err.Error())})
-				return
-			}
-		} else if recorder != nil {
-			code := ""
-			msg := ""
-			if bootstrapErr != nil {
-				code = "network_error"
-				msg = bootstrapErr.Error()
-			}
-			recorder.addStep("sora2_bootstrap", "failed", bootstrapStatus, code, msg)
-		}
-	}
-	if inviteStatus != http.StatusOK {
-		if isCloudflareChallengeResponse(inviteStatus, inviteHeader, inviteBody) {
-			if recorder != nil {
-				recorder.addStep("sora2_invite", "failed", inviteStatus, "cf_challenge", "Cloudflare challenge detected")
-			}
-			s.logSoraCloudflareChallenge(account, proxyURL, soraInviteMineURL, inviteHeader, inviteBody)
-			s.sendEvent(c, TestEvent{Type: "content", Text: formatCloudflareChallengeMessage(fmt.Sprintf("Sora2 invite check blocked by Cloudflare challenge (HTTP %d)", inviteStatus), inviteHeader, inviteBody)})
-			return
-		}
-		upstreamCode, upstreamMessage := soraerror.ExtractUpstreamErrorCodeAndMessage(inviteBody)
-		if recorder != nil {
-			recorder.addStep("sora2_invite", "failed", inviteStatus, upstreamCode, upstreamMessage)
-		}
-		s.sendEvent(c, TestEvent{Type: "content", Text: fmt.Sprintf("Sora2 invite check returned %d", inviteStatus)})
-		return
-	}
-	if recorder != nil {
-		recorder.addStep("sora2_invite", "success", inviteStatus, "", "invite endpoint ok")
-	}
-	if summary := parseSoraInviteSummary(inviteBody); summary != "" {
-		s.sendEvent(c, TestEvent{Type: "content", Text: summary})
-	} else {
-		s.sendEvent(c, TestEvent{Type: "content", Text: "Sora2 invite check OK"})
-	}
-	remainingStatus, remainingHeader, remainingBody, remainingErr := s.fetchSoraTestEndpoint(
-		ctx,
-		account,
-		authToken,
-		soraRemainingURL,
-		proxyURL,
-		tlsProfile,
-	)
-	if remainingErr != nil {
-		if recorder != nil {
-			recorder.addStep("sora2_remaining", "failed", 0, "network_error", remainingErr.Error())
-		}
-		s.sendEvent(c, TestEvent{Type: "content", Text: fmt.Sprintf("Sora2 remaining check skipped: %s", remainingErr.Error())})
-		return
-	}
-	if remainingStatus != http.StatusOK {
-		if isCloudflareChallengeResponse(remainingStatus, remainingHeader, remainingBody) {
-			if recorder != nil {
-				recorder.addStep("sora2_remaining", "failed", remainingStatus, "cf_challenge", "Cloudflare challenge detected")
-			}
-			s.logSoraCloudflareChallenge(account, proxyURL, soraRemainingURL, remainingHeader, remainingBody)
-			s.sendEvent(c, TestEvent{Type: "content", Text: formatCloudflareChallengeMessage(fmt.Sprintf("Sora2 remaining check blocked by Cloudflare challenge (HTTP %d)", remainingStatus), remainingHeader, remainingBody)})
-			return
-		}
-		upstreamCode, upstreamMessage := soraerror.ExtractUpstreamErrorCodeAndMessage(remainingBody)
-		if recorder != nil {
-			recorder.addStep("sora2_remaining", "failed", remainingStatus, upstreamCode, upstreamMessage)
-		}
-		s.sendEvent(c, TestEvent{Type: "content", Text: fmt.Sprintf("Sora2 remaining check returned %d", remainingStatus)})
-		return
-	}
-	if recorder != nil {
-		recorder.addStep("sora2_remaining", "success", remainingStatus, "", "remaining endpoint ok")
-	}
-	if summary := parseSoraRemainingSummary(remainingBody); summary != "" {
-		s.sendEvent(c, TestEvent{Type: "content", Text: summary})
-	} else {
-		s.sendEvent(c, TestEvent{Type: "content", Text: "Sora2 remaining check OK"})
-	}
-}
-func (s *AccountTestService) fetchSoraTestEndpoint(
-	ctx context.Context,
-	account *Account,
-	authToken string,
-	url string,
-	proxyURL string,
-	tlsProfile *tlsfingerprint.Profile,
-) (int, http.Header, []byte, error) {
-	req, err := http.NewRequestWithContext(ctx, "GET", url, nil)
-	if err != nil {
-		return 0, nil, nil, err
-	}
-	req.Header.Set("Authorization", "Bearer "+authToken)
-	req.Header.Set("User-Agent", "Sora/1.2026.007 (Android 15; 24122RKC7C; build 2600700)")
-	req.Header.Set("Accept", "application/json")
-	req.Header.Set("Accept-Language", "en-US,en;q=0.9")
-	req.Header.Set("Origin", "https://sora.chatgpt.com")
-	req.Header.Set("Referer", "https://sora.chatgpt.com/")
-	resp, err := s.httpUpstream.DoWithTLS(req, proxyURL, account.ID, account.Concurrency, tlsProfile)
-	if err != nil {
-		return 0, nil, nil, err
-	}
-	defer func() { _ = resp.Body.Close() }()
-	body, readErr := io.ReadAll(resp.Body)
-	if readErr != nil {
-		return resp.StatusCode, resp.Header, nil, readErr
-	}
-	return resp.StatusCode, resp.Header, body, nil
-}
-func parseSoraSubscriptionSummary(body []byte) string {
-	var subResp struct {
-		Data []struct {
-			Plan struct {
-				ID    string `json:"id"`
-				Title string `json:"title"`
-			} `json:"plan"`
-			EndTS string `json:"end_ts"`
-		} `json:"data"`
-	}
-	if err := json.Unmarshal(body, &subResp); err != nil {
-		return ""
-	}
-	if len(subResp.Data) == 0 {
-		return ""
-	}
-	first := subResp.Data[0]
-	parts := make([]string, 0, 3)
-	if first.Plan.Title != "" {
-		parts = append(parts, first.Plan.Title)
-	}
-	if first.Plan.ID != "" {
-		parts = append(parts, first.Plan.ID)
-	}
-	if first.EndTS != "" {
-		parts = append(parts, "end="+first.EndTS)
-	}
-	if len(parts) == 0 {
-		return ""
-	}
-	return "Subscription: " + strings.Join(parts, " | ")
-}
-func parseSoraInviteSummary(body []byte) string {
-	var inviteResp struct {
-		InviteCode    string `json:"invite_code"`
-		RedeemedCount int64  `json:"redeemed_count"`
-		TotalCount    int64  `json:"total_count"`
-	}
-	if err := json.Unmarshal(body, &inviteResp); err != nil {
-		return ""
-	}
-	parts := []string{"Sora2: supported"}
-	if inviteResp.InviteCode != "" {
-		parts = append(parts, "invite="+inviteResp.InviteCode)
-	}
-	if inviteResp.TotalCount > 0 {
-		parts = append(parts, fmt.Sprintf("used=%d/%d", inviteResp.RedeemedCount, inviteResp.TotalCount))
-	}
-	return strings.Join(parts, " | ")
-}
-func parseSoraRemainingSummary(body []byte) string {
-	var remainingResp struct {
-		RateLimitAndCreditBalance struct {
-			EstimatedNumVideosRemaining int64 `json:"estimated_num_videos_remaining"`
-			RateLimitReached            bool  `json:"rate_limit_reached"`
-			AccessResetsInSeconds       int64 `json:"access_resets_in_seconds"`
-		} `json:"rate_limit_and_credit_balance"`
-	}
-	if err := json.Unmarshal(body, &remainingResp); err != nil {
-		return ""
-	}
-	info := remainingResp.RateLimitAndCreditBalance
-	parts := []string{fmt.Sprintf("Sora2 remaining: %d", info.EstimatedNumVideosRemaining)}
-	if info.RateLimitReached {
-		parts = append(parts, "rate_limited=true")
-	}
-	if info.AccessResetsInSeconds > 0 {
-		parts = append(parts, fmt.Sprintf("reset_in=%ds", info.AccessResetsInSeconds))
-	}
-	return strings.Join(parts, " | ")
-}
-func (s *AccountTestService) resolveSoraTLSProfile() *tlsfingerprint.Profile {
-	if s == nil || s.cfg == nil || !s.cfg.Sora.Client.DisableTLSFingerprint {
-		// Sora TLS fingerprint enabled — use built-in default profile
-		return &tlsfingerprint.Profile{Name: "Built-in Default (Sora)"}
-	}
-	return nil // disabled
-}
-func isCloudflareChallengeResponse(statusCode int, headers http.Header, body []byte) bool {
-	return soraerror.IsCloudflareChallengeResponse(statusCode, headers, body)
-}
-func formatCloudflareChallengeMessage(base string, headers http.Header, body []byte) string {
-	return soraerror.FormatCloudflareChallengeMessage(base, headers, body)
-}
-func extractCloudflareRayID(headers http.Header, body []byte) string {
-	return soraerror.ExtractCloudflareRayID(headers, body)
-}
-func extractSoraEgressIPHint(headers http.Header) string {
-	if headers == nil {
-		return "unknown"
-	}
-	candidates := []string{
-		"x-openai-public-ip",
-		"x-envoy-external-address",
-		"cf-connecting-ip",
-		"x-forwarded-for",
-	}
-	for _, key := range candidates {
-		if value := strings.TrimSpace(headers.Get(key)); value != "" {
-			return value
-		}
-	}
-	return "unknown"
-}
-func sanitizeProxyURLForLog(raw string) string {
-	raw = strings.TrimSpace(raw)
-	if raw == "" {
-		return ""
-	}
-	u, err := url.Parse(raw)
-	if err != nil {
-		return "<invalid_proxy_url>"
-	}
-	if u.User != nil {
-		u.User = nil
-	}
-	return u.String()
-}
-func endpointPathForLog(endpoint string) string {
-	parsed, err := url.Parse(strings.TrimSpace(endpoint))
-	if err != nil || parsed.Path == "" {
-		return endpoint
-	}
-	return parsed.Path
-}
-func (s *AccountTestService) logSoraCloudflareChallenge(account *Account, proxyURL, endpoint string, headers http.Header, body []byte) {
-	accountID := int64(0)
-	platform := ""
-	proxyID := "none"
-	if account != nil {
-		accountID = account.ID
-		platform = account.Platform
-		if account.ProxyID != nil {
-			proxyID = fmt.Sprintf("%d", *account.ProxyID)
-		}
-	}
-	cfRay := extractCloudflareRayID(headers, body)
-	if cfRay == "" {
-		cfRay = "unknown"
-	}
-	log.Printf(
-		"[SoraCFChallenge] account_id=%d platform=%s endpoint=%s path=%s proxy_id=%s proxy_url=%s cf_ray=%s egress_ip_hint=%s",
-		accountID,
-		platform,
-		endpoint,
-		endpointPathForLog(endpoint),
-		proxyID,
-		sanitizeProxyURLForLog(proxyURL),
-		cfRay,
-		extractSoraEgressIPHint(headers),
-	)
-}
-func truncateSoraErrorBody(body []byte, max int) string {
-	return soraerror.TruncateBody(body, max)
-}
 // routeAntigravityTest 路由 Antigravity 账号的测试请求。
 // APIKey 类型走原生协议（与 gateway_handler 路由一致），OAuth/Upstream 走 CRS 中转。
 func (s *AccountTestService) routeAntigravityTest(c *gin.Context, account *Account, modelID string, prompt string) error {

--- a/backend/internal/service/account_test_service_gemini_test.go
+++ b/backend/internal/service/account_test_service_gemini_test.go
@@ -42,7 +42,7 @@ func TestProcessGeminiStream_EmitsImageEvent(t *testing.T) {
 	t.Parallel()
 	gin.SetMode(gin.TestMode)
-	ctx, recorder := newSoraTestContext()
+	ctx, recorder := newTestContext()
 	svc := &AccountTestService{}
 	stream := strings.NewReader("data: {\"candidates\":[{\"content\":{\"parts\":[{\"text\":\"ok\"},{\"inlineData\":{\"mimeType\":\"image/png\",\"data\":\"QUJD\"}}]}}]}\n\ndata: [DONE]\n\n")

--- a/backend/internal/service/account_test_service_openai_test.go
+++ b/backend/internal/service/account_test_service_openai_test.go
@@ -4,16 +4,61 @@ package service
 import (
 	"context"
+	"fmt"
 	"io"
 	"net/http"
+	"net/http/httptest"
 	"strings"
 	"testing"
 	"time"
 	"github.com/gin-gonic/gin"
 	"github.com/stretchr/testify/require"
+	"github.com/Wei-Shaw/sub2api/internal/pkg/tlsfingerprint"
 )
+// --- shared test helpers ---
+type queuedHTTPUpstream struct {
+	responses []*http.Response
+	requests  []*http.Request
+	tlsFlags  []bool
+}
+func (u *queuedHTTPUpstream) Do(_ *http.Request, _ string, _ int64, _ int) (*http.Response, error) {
+	return nil, fmt.Errorf("unexpected Do call")
+}
+func (u *queuedHTTPUpstream) DoWithTLS(req *http.Request, _ string, _ int64, _ int, profile *tlsfingerprint.Profile) (*http.Response, error) {
+	u.requests = append(u.requests, req)
+	u.tlsFlags = append(u.tlsFlags, profile != nil)
+	if len(u.responses) == 0 {
+		return nil, fmt.Errorf("no mocked response")
+	}
+	resp := u.responses[0]
+	u.responses = u.responses[1:]
+	return resp, nil
+}
+func newJSONResponse(status int, body string) *http.Response {
+	return &http.Response{
+		StatusCode: status,
+		Header:     make(http.Header),
+		Body:       io.NopCloser(strings.NewReader(body)),
+	}
+}
+// --- test functions ---
+func newTestContext() (*gin.Context, *httptest.ResponseRecorder) {
+	gin.SetMode(gin.TestMode)
+	rec := httptest.NewRecorder()
+	c, _ := gin.CreateTestContext(rec)
+	c.Request = httptest.NewRequest(http.MethodPost, "/api/v1/admin/accounts/1/test", nil)
+	return c, rec
+}
 type openAIAccountTestRepo struct {
 	mockAccountRepoForGemini
 	updatedExtra  map[string]any
@@ -34,7 +79,7 @@ func (r *openAIAccountTestRepo) SetRateLimited(_ context.Context, id int64, rese
 func TestAccountTestService_OpenAISuccessPersistsSnapshotFromHeaders(t *testing.T) {
 	gin.SetMode(gin.TestMode)
-	ctx, recorder := newSoraTestContext()
+	ctx, recorder := newTestContext()
 	resp := newJSONResponse(http.StatusOK, "")
 	resp.Body = io.NopCloser(strings.NewReader(`data: {"type":"response.completed"}
@@ -68,7 +113,7 @@ func TestAccountTestService_OpenAISuccessPersistsSnapshotFromHeaders(t *testing.
 func TestAccountTestService_OpenAI429PersistsSnapshotAndRateLimit(t *testing.T) {
 	gin.SetMode(gin.TestMode)
-	ctx, _ := newSoraTestContext()
+	ctx, _ := newTestContext()
 	resp := newJSONResponse(http.StatusTooManyRequests, `{"error":{"type":"usage_limit_reached","message":"limit reached"}}`)
 	resp.Header.Set("x-codex-primary-used-percent", "100")

--- a/backend/internal/service/account_test_service_sora_test.go
+++ b/backend/internal/service/account_test_service_sora_test.go
-package service
-import (
-	"fmt"
-	"io"
-	"net/http"
-	"net/http/httptest"
-	"strings"
-	"testing"
-	"time"
-	"github.com/Wei-Shaw/sub2api/internal/config"
-	"github.com/Wei-Shaw/sub2api/internal/pkg/tlsfingerprint"
-	"github.com/gin-gonic/gin"
-	"github.com/stretchr/testify/require"
-)
-type queuedHTTPUpstream struct {
-	responses []*http.Response
-	requests  []*http.Request
-	tlsFlags  []bool
-}
-func (u *queuedHTTPUpstream) Do(_ *http.Request, _ string, _ int64, _ int) (*http.Response, error) {
-	return nil, fmt.Errorf("unexpected Do call")
-}
-func (u *queuedHTTPUpstream) DoWithTLS(req *http.Request, _ string, _ int64, _ int, profile *tlsfingerprint.Profile) (*http.Response, error) {
-	u.requests = append(u.requests, req)
-	u.tlsFlags = append(u.tlsFlags, profile != nil)
-	if len(u.responses) == 0 {
-		return nil, fmt.Errorf("no mocked response")
-	}
-	resp := u.responses[0]
-	u.responses = u.responses[1:]
-	return resp, nil
-}
-func newJSONResponse(status int, body string) *http.Response {
-	return &http.Response{
-		StatusCode: status,
-		Header:     make(http.Header),
-		Body:       io.NopCloser(strings.NewReader(body)),
-	}
-}
-func newJSONResponseWithHeader(status int, body, key, value string) *http.Response {
-	resp := newJSONResponse(status, body)
-	resp.Header.Set(key, value)
-	return resp
-}
-func newSoraTestContext() (*gin.Context, *httptest.ResponseRecorder) {
-	gin.SetMode(gin.TestMode)
-	rec := httptest.NewRecorder()
-	c, _ := gin.CreateTestContext(rec)
-	c.Request = httptest.NewRequest(http.MethodPost, "/api/v1/admin/accounts/1/test", nil)
-	return c, rec
-}
-func TestAccountTestService_testSoraAccountConnection_WithSubscription(t *testing.T) {
-	upstream := &queuedHTTPUpstream{
-		responses: []*http.Response{
-			newJSONResponse(http.StatusOK, `{"email":"demo@example.com"}`),
-			newJSONResponse(http.StatusOK, `{"data":[{"plan":{"id":"chatgpt_plus","title":"ChatGPT Plus"},"end_ts":"2026-12-31T00:00:00Z"}]}`),
-			newJSONResponse(http.StatusOK, `{"invite_code":"inv_abc","redeemed_count":3,"total_count":50}`),
-			newJSONResponse(http.StatusOK, `{"rate_limit_and_credit_balance":{"estimated_num_videos_remaining":27,"rate_limit_reached":false,"access_resets_in_seconds":46833}}`),
-		},
-	}
-	svc := &AccountTestService{
-		httpUpstream: upstream,
-		cfg: &config.Config{
-			Gateway: config.GatewayConfig{
-				TLSFingerprint: config.TLSFingerprintConfig{
-					Enabled: true,
-				},
-			},
-			Sora: config.SoraConfig{
-				Client: config.SoraClientConfig{
-					DisableTLSFingerprint: false,
-				},
-			},
-		},
-	}
-	account := &Account{
-		ID:          1,
-		Platform:    PlatformSora,
-		Type:        AccountTypeOAuth,
-		Concurrency: 1,
-		Credentials: map[string]any{
-			"access_token": "test_token",
-		},
-	}
-	c, rec := newSoraTestContext()
-	err := svc.testSoraAccountConnection(c, account)
-	require.NoError(t, err)
-	require.Len(t, upstream.requests, 4)
-	require.Equal(t, soraMeAPIURL, upstream.requests[0].URL.String())
-	require.Equal(t, soraBillingAPIURL, upstream.requests[1].URL.String())
-	require.Equal(t, soraInviteMineURL, upstream.requests[2].URL.String())
-	require.Equal(t, soraRemainingURL, upstream.requests[3].URL.String())
-	require.Equal(t, "Bearer test_token", upstream.requests[0].Header.Get("Authorization"))
-	require.Equal(t, "Bearer test_token", upstream.requests[1].Header.Get("Authorization"))
-	require.Equal(t, []bool{true, true, true, true}, upstream.tlsFlags)
-	body := rec.Body.String()
-	require.Contains(t, body, `"type":"test_start"`)
-	require.Contains(t, body, "Sora connection OK - Email: demo@example.com")
-	require.Contains(t, body, "Subscription: ChatGPT Plus | chatgpt_plus | end=2026-12-31T00:00:00Z")
-	require.Contains(t, body, "Sora2: supported | invite=inv_abc | used=3/50")
-	require.Contains(t, body, "Sora2 remaining: 27 | reset_in=46833s")
-	require.Contains(t, body, `"type":"sora_test_result"`)
-	require.Contains(t, body, `"status":"success"`)
-	require.Contains(t, body, `"type":"test_complete","success":true`)
-}
-func TestAccountTestService_testSoraAccountConnection_SubscriptionFailedStillSuccess(t *testing.T) {
-	upstream := &queuedHTTPUpstream{
-		responses: []*http.Response{
-			newJSONResponse(http.StatusOK, `{"name":"demo-user"}`),
-			newJSONResponse(http.StatusForbidden, `{"error":{"message":"forbidden"}}`),
-			newJSONResponse(http.StatusUnauthorized, `{"error":{"message":"Unauthorized"}}`),
-			newJSONResponse(http.StatusForbidden, `{"error":{"message":"forbidden"}}`),
-		},
-	}
-	svc := &AccountTestService{httpUpstream: upstream}
-	account := &Account{
-		ID:          1,
-		Platform:    PlatformSora,
-		Type:        AccountTypeOAuth,
-		Concurrency: 1,
-		Credentials: map[string]any{
-			"access_token": "test_token",
-		},
-	}
-	c, rec := newSoraTestContext()
-	err := svc.testSoraAccountConnection(c, account)
-	require.NoError(t, err)
-	require.Len(t, upstream.requests, 4)
-	body := rec.Body.String()
-	require.Contains(t, body, "Sora connection OK - User: demo-user")
-	require.Contains(t, body, "Subscription check returned 403")
-	require.Contains(t, body, "Sora2 invite check returned 401")
-	require.Contains(t, body, `"type":"sora_test_result"`)
-	require.Contains(t, body, `"status":"partial_success"`)
-	require.Contains(t, body, `"type":"test_complete","success":true`)
-}
-func TestAccountTestService_testSoraAccountConnection_CloudflareChallenge(t *testing.T) {
-	upstream := &queuedHTTPUpstream{
-		responses: []*http.Response{
-			newJSONResponseWithHeader(http.StatusForbidden, `<!DOCTYPE html><html><head><title>Just a moment...</title></head><body><script>window._cf_chl_opt={};</script><noscript>Enable JavaScript and cookies to continue</noscript></body></html>`, "cf-ray", "9cff2d62d83bb98d"),
-		},
-	}
-	svc := &AccountTestService{httpUpstream: upstream}
-	account := &Account{
-		ID:          1,
-		Platform:    PlatformSora,
-		Type:        AccountTypeOAuth,
-		Concurrency: 1,
-		Credentials: map[string]any{
-			"access_token": "test_token",
-		},
-	}
-	c, rec := newSoraTestContext()
-	err := svc.testSoraAccountConnection(c, account)
-	require.Error(t, err)
-	require.Contains(t, err.Error(), "Cloudflare challenge")
-	require.Contains(t, err.Error(), "cf-ray: 9cff2d62d83bb98d")
-	body := rec.Body.String()
-	require.Contains(t, body, `"type":"error"`)
-	require.Contains(t, body, "Cloudflare challenge")
-	require.Contains(t, body, "cf-ray: 9cff2d62d83bb98d")
-}
-func TestAccountTestService_testSoraAccountConnection_CloudflareChallenge429WithHeader(t *testing.T) {
-	upstream := &queuedHTTPUpstream{
-		responses: []*http.Response{
-			newJSONResponseWithHeader(http.StatusTooManyRequests, `<!DOCTYPE html><html><head><title>Just a moment...</title></head><body></body></html>`, "cf-mitigated", "challenge"),
-		},
-	}
-	svc := &AccountTestService{httpUpstream: upstream}
-	account := &Account{
-		ID:          1,
-		Platform:    PlatformSora,
-		Type:        AccountTypeOAuth,
-		Concurrency: 1,
-		Credentials: map[string]any{
-			"access_token": "test_token",
-		},
-	}
-	c, rec := newSoraTestContext()
-	err := svc.testSoraAccountConnection(c, account)
-	require.Error(t, err)
-	require.Contains(t, err.Error(), "Cloudflare challenge")
-	require.Contains(t, err.Error(), "HTTP 429")
-	body := rec.Body.String()
-	require.Contains(t, body, "Cloudflare challenge")
-}
-func TestAccountTestService_testSoraAccountConnection_TokenInvalidated(t *testing.T) {
-	upstream := &queuedHTTPUpstream{
-		responses: []*http.Response{
-			newJSONResponse(http.StatusUnauthorized, `{"error":{"code":"token_invalidated","message":"Token invalid"}}`),
-		},
-	}
-	svc := &AccountTestService{httpUpstream: upstream}
-	account := &Account{
-		ID:          1,
-		Platform:    PlatformSora,
-		Type:        AccountTypeOAuth,
-		Concurrency: 1,
-		Credentials: map[string]any{
-			"access_token": "test_token",
-		},
-	}
-	c, rec := newSoraTestContext()
-	err := svc.testSoraAccountConnection(c, account)
-	require.Error(t, err)
-	require.Contains(t, err.Error(), "token_invalidated")
-	body := rec.Body.String()
-	require.Contains(t, body, `"type":"sora_test_result"`)
-	require.Contains(t, body, `"status":"failed"`)
-	require.Contains(t, body, "token_invalidated")
-	require.NotContains(t, body, `"type":"test_complete","success":true`)
-}
-func TestAccountTestService_testSoraAccountConnection_RateLimited(t *testing.T) {
-	upstream := &queuedHTTPUpstream{
-		responses: []*http.Response{
-			newJSONResponse(http.StatusOK, `{"email":"demo@example.com"}`),
-		},
-	}
-	svc := &AccountTestService{
-		httpUpstream:     upstream,
-		soraTestCooldown: time.Hour,
-	}
-	account := &Account{
-		ID:          1,
-		Platform:    PlatformSora,
-		Type:        AccountTypeOAuth,
-		Concurrency: 1,
-		Credentials: map[string]any{
-			"access_token": "test_token",
-		},
-	}
-	c1, _ := newSoraTestContext()
-	err := svc.testSoraAccountConnection(c1, account)
-	require.NoError(t, err)
-	c2, rec2 := newSoraTestContext()
-	err = svc.testSoraAccountConnection(c2, account)
-	require.Error(t, err)
-	require.Contains(t, err.Error(), "测试过于频繁")
-	body := rec2.Body.String()
-	require.Contains(t, body, `"type":"sora_test_result"`)
-	require.Contains(t, body, `"code":"test_rate_limited"`)
-	require.Contains(t, body, `"status":"failed"`)
-	require.NotContains(t, body, `"type":"test_complete","success":true`)
-}
-func TestAccountTestService_testSoraAccountConnection_SubscriptionCloudflareChallengeWithRay(t *testing.T) {
-	upstream := &queuedHTTPUpstream{
-		responses: []*http.Response{
-			newJSONResponse(http.StatusOK, `{"name":"demo-user"}`),
-			newJSONResponse(http.StatusForbidden, `<!DOCTYPE html><html><head><title>Just a moment...</title></head><body><script>window._cf_chl_opt={cRay: '9cff2d62d83bb98d'};</script><noscript>Enable JavaScript and cookies to continue</noscript></body></html>`),
-			newJSONResponse(http.StatusForbidden, `<!DOCTYPE html><html><head><title>Just a moment...</title></head><body><script>window._cf_chl_opt={cRay: '9cff2d62d83bb98d'};</script><noscript>Enable JavaScript and cookies to continue</noscript></body></html>`),
-		},
-	}
-	svc := &AccountTestService{httpUpstream: upstream}
-	account := &Account{
-		ID:          1,
-		Platform:    PlatformSora,
-		Type:        AccountTypeOAuth,
-		Concurrency: 1,
-		Credentials: map[string]any{
-			"access_token": "test_token",
-		},
-	}
-	c, rec := newSoraTestContext()
-	err := svc.testSoraAccountConnection(c, account)
-	require.NoError(t, err)
-	body := rec.Body.String()
-	require.Contains(t, body, "Subscription check blocked by Cloudflare challenge (HTTP 403)")
-	require.Contains(t, body, "Sora2 invite check blocked by Cloudflare challenge (HTTP 403)")
-	require.Contains(t, body, "cf-ray: 9cff2d62d83bb98d")
-	require.Contains(t, body, `"type":"test_complete","success":true`)
-}
-func TestSanitizeProxyURLForLog(t *testing.T) {
-	require.Equal(t, "http://proxy.example.com:8080", sanitizeProxyURLForLog("http://user:pass@proxy.example.com:8080"))
-	require.Equal(t, "", sanitizeProxyURLForLog(""))
-	require.Equal(t, "<invalid_proxy_url>", sanitizeProxyURLForLog("://invalid"))
-}
-func TestExtractSoraEgressIPHint(t *testing.T) {
-	h := make(http.Header)
-	h.Set("x-openai-public-ip", "203.0.113.10")
-	require.Equal(t, "203.0.113.10", extractSoraEgressIPHint(h))
-	h2 := make(http.Header)
-	h2.Set("x-envoy-external-address", "198.51.100.9")
-	require.Equal(t, "198.51.100.9", extractSoraEgressIPHint(h2))
-	require.Equal(t, "unknown", extractSoraEgressIPHint(nil))
-	require.Equal(t, "unknown", extractSoraEgressIPHint(http.Header{}))
-}
--- a/backend/internal/service/admin_service.go
+++ b/backend/internal/service/admin_service.go
@@ -15,7 +15,7 @@ import (
 	"github.com/Wei-Shaw/sub2api/internal/pkg/httpclient"
 	"github.com/Wei-Shaw/sub2api/internal/pkg/logger"
 	"github.com/Wei-Shaw/sub2api/internal/pkg/pagination"
-	"github.com/Wei-Shaw/sub2api/internal/util/soraerror"
+	"github.com/Wei-Shaw/sub2api/internal/util/httputil"
 )
 // AdminService interface defines admin management operations
@@ -104,14 +104,13 @@ type AdminService interface {
 // CreateUserInput represents input for creating a new user via admin operations.
 type CreateUserInput struct {
-	Email                 string
+	Email         string
-	Password              string
+	Password      string
-	Username              string
+	Username      string
-	Notes                 string
+	Notes         string
-	Balance               float64
+	Balance       float64
-	Concurrency           int
+	Concurrency   int
-	AllowedGroups         []int64
+	AllowedGroups []int64
-	SoraStorageQuotaBytes int64
 }
 type UpdateUserInput struct {
@@ -125,8 +124,7 @@ type UpdateUserInput struct {
 	AllowedGroups *[]int64 // 使用指针区分"未提供"和"设置为空数组"
 	// GroupRates 用户专属分组倍率配置
 	// map[groupID]*rate，nil 表示删除该分组的专属倍率
-	GroupRates            map[int64]*float64
+	GroupRates map[int64]*float64
-	SoraStorageQuotaBytes *int64
 }
 type CreateGroupInput struct {
@@ -140,16 +138,11 @@ type CreateGroupInput struct {
 	WeeklyLimitUSD   *float64 // 周限额 (USD)
 	MonthlyLimitUSD  *float64 // 月限额 (USD)
 	// 图片生成计费配置（仅 antigravity 平台使用）
-	ImagePrice1K *float64
+	ImagePrice1K    *float64
-	ImagePrice2K *float64
+	ImagePrice2K    *float64
-	ImagePrice4K *float64
+	ImagePrice4K    *float64
-	// Sora 按次计费配置
+	ClaudeCodeOnly  bool   // 仅允许 Claude Code 客户端
-	SoraImagePrice360          *float64
+	FallbackGroupID *int64 // 降级分组 ID
-	SoraImagePrice540          *float64
-	SoraVideoPricePerRequest   *float64
-	SoraVideoPricePerRequestHD *float64
-	ClaudeCodeOnly             bool   // 仅允许 Claude Code 客户端
-	FallbackGroupID            *int64 // 降级分组 ID
 	// 无效请求兜底分组 ID（仅 anthropic 平台使用）
 	FallbackGroupIDOnInvalidRequest *int64
 	// 模型路由配置（仅 anthropic 平台使用）
@@ -158,8 +151,6 @@ type CreateGroupInput struct {
 	MCPXMLInject        *bool
 	// 支持的模型系列（仅 antigravity 平台使用）
 	SupportedModelScopes []string
-	// Sora 存储配额
-	SoraStorageQuotaBytes int64
 	// OpenAI Messages 调度配置（仅 openai 平台使用）
 	AllowMessagesDispatch bool
 	DefaultMappedModel    string
@@ -181,16 +172,11 @@ type UpdateGroupInput struct {
 	WeeklyLimitUSD   *float64 // 周限额 (USD)
 	MonthlyLimitUSD  *float64 // 月限额 (USD)
 	// 图片生成计费配置（仅 antigravity 平台使用）
-	ImagePrice1K *float64
+	ImagePrice1K    *float64
-	ImagePrice2K *float64
+	ImagePrice2K    *float64
-	ImagePrice4K *float64
+	ImagePrice4K    *float64
-	// Sora 按次计费配置
+	ClaudeCodeOnly  *bool  // 仅允许 Claude Code 客户端
-	SoraImagePrice360          *float64
+	FallbackGroupID *int64 // 降级分组 ID
-	SoraImagePrice540          *float64
-	SoraVideoPricePerRequest   *float64
-	SoraVideoPricePerRequestHD *float64
-	ClaudeCodeOnly             *bool  // 仅允许 Claude Code 客户端
-	FallbackGroupID            *int64 // 降级分组 ID
 	// 无效请求兜底分组 ID（仅 anthropic 平台使用）
 	FallbackGroupIDOnInvalidRequest *int64
 	// 模型路由配置（仅 anthropic 平台使用）
@@ -199,8 +185,6 @@ type UpdateGroupInput struct {
 	MCPXMLInject        *bool
 	// 支持的模型系列（仅 antigravity 平台使用）
 	SupportedModelScopes *[]string
-	// Sora 存储配额
-	SoraStorageQuotaBytes *int64
 	// OpenAI Messages 调度配置（仅 openai 平台使用）
 	AllowMessagesDispatch *bool
 	DefaultMappedModel    *string
@@ -426,14 +410,6 @@ var proxyQualityTargets = []proxyQualityTarget{
 			http.StatusOK: {},
 		},
 	},
-	{
-		Target: "sora",
-		URL:    "https://sora.chatgpt.com/backend/me",
-		Method: http.MethodGet,
-		AllowedStatuses: map[int]struct{}{
-			http.StatusUnauthorized: {},
-		},
-	},
 }
 const (
@@ -448,7 +424,6 @@ type adminServiceImpl struct {
 	userRepo             UserRepository
 	groupRepo            GroupRepository
 	accountRepo          AccountRepository
-	soraAccountRepo      SoraAccountRepository // Sora 账号扩展表仓储
 	proxyRepo            ProxyRepository
 	apiKeyRepo           APIKeyRepository
 	redeemCodeRepo       RedeemCodeRepository
@@ -473,7 +448,6 @@ func NewAdminService(
 	userRepo UserRepository,
 	groupRepo GroupRepository,
 	accountRepo AccountRepository,
-	soraAccountRepo SoraAccountRepository,
 	proxyRepo ProxyRepository,
 	apiKeyRepo APIKeyRepository,
 	redeemCodeRepo RedeemCodeRepository,
@@ -492,7 +466,6 @@ func NewAdminService(
 		userRepo:             userRepo,
 		groupRepo:            groupRepo,
 		accountRepo:          accountRepo,
-		soraAccountRepo:      soraAccountRepo,
 		proxyRepo:            proxyRepo,
 		apiKeyRepo:           apiKeyRepo,
 		redeemCodeRepo:       redeemCodeRepo,
@@ -574,15 +547,14 @@ func (s *adminServiceImpl) GetUser(ctx context.Context, id int64) (*User, error)
 func (s *adminServiceImpl) CreateUser(ctx context.Context, input *CreateUserInput) (*User, error) {
 	user := &User{
-		Email:                 input.Email,
+		Email:         input.Email,
-		Username:              input.Username,
+		Username:      input.Username,
-		Notes:                 input.Notes,
+		Notes:         input.Notes,
-		Role:                  RoleUser, // Always create as regular user, never admin
+		Role:          RoleUser, // Always create as regular user, never admin
-		Balance:               input.Balance,
+		Balance:       input.Balance,
-		Concurrency:           input.Concurrency,
+		Concurrency:   input.Concurrency,
-		Status:                StatusActive,
+		Status:        StatusActive,
-		AllowedGroups:         input.AllowedGroups,
+		AllowedGroups: input.AllowedGroups,
-		SoraStorageQuotaBytes: input.SoraStorageQuotaBytes,
 	}
 	if err := user.SetPassword(input.Password); err != nil {
 		return nil, err
@@ -654,10 +626,6 @@ func (s *adminServiceImpl) UpdateUser(ctx context.Context, id int64, input *Upda
 		user.AllowedGroups = *input.AllowedGroups
 	}
-	if input.SoraStorageQuotaBytes != nil {
-		user.SoraStorageQuotaBytes = *input.SoraStorageQuotaBytes
-	}
 	if err := s.userRepo.Update(ctx, user); err != nil {
 		return nil, err
 	}
@@ -860,10 +828,6 @@ func (s *adminServiceImpl) CreateGroup(ctx context.Context, input *CreateGroupIn
 	imagePrice1K := normalizePrice(input.ImagePrice1K)
 	imagePrice2K := normalizePrice(input.ImagePrice2K)
 	imagePrice4K := normalizePrice(input.ImagePrice4K)
-	soraImagePrice360 := normalizePrice(input.SoraImagePrice360)
-	soraImagePrice540 := normalizePrice(input.SoraImagePrice540)
-	soraVideoPrice := normalizePrice(input.SoraVideoPricePerRequest)
-	soraVideoPriceHD := normalizePrice(input.SoraVideoPricePerRequestHD)
 	// 校验降级分组
 	if input.FallbackGroupID != nil {
@@ -934,17 +898,12 @@ func (s *adminServiceImpl) CreateGroup(ctx context.Context, input *CreateGroupIn
 		ImagePrice1K:                    imagePrice1K,
 		ImagePrice2K:                    imagePrice2K,
 		ImagePrice4K:                    imagePrice4K,
-		SoraImagePrice360:               soraImagePrice360,
-		SoraImagePrice540:               soraImagePrice540,
-		SoraVideoPricePerRequest:        soraVideoPrice,
-		SoraVideoPricePerRequestHD:      soraVideoPriceHD,
 		ClaudeCodeOnly:                  input.ClaudeCodeOnly,
 		FallbackGroupID:                 input.FallbackGroupID,
 		FallbackGroupIDOnInvalidRequest: fallbackOnInvalidRequest,
 		ModelRouting:                    input.ModelRouting,
 		MCPXMLInject:                    mcpXMLInject,
 		SupportedModelScopes:            input.SupportedModelScopes,
-		SoraStorageQuotaBytes:           input.SoraStorageQuotaBytes,
 		AllowMessagesDispatch:           input.AllowMessagesDispatch,
 		RequireOAuthOnly:                input.RequireOAuthOnly,
 		RequirePrivacySet:               input.RequirePrivacySet,
@@ -1115,21 +1074,6 @@ func (s *adminServiceImpl) UpdateGroup(ctx context.Context, id int64, input *Upd
 	if input.ImagePrice4K != nil {
 		group.ImagePrice4K = normalizePrice(input.ImagePrice4K)
 	}
-	if input.SoraImagePrice360 != nil {
-		group.SoraImagePrice360 = normalizePrice(input.SoraImagePrice360)
-	}
-	if input.SoraImagePrice540 != nil {
-		group.SoraImagePrice540 = normalizePrice(input.SoraImagePrice540)
-	}
-	if input.SoraVideoPricePerRequest != nil {
-		group.SoraVideoPricePerRequest = normalizePrice(input.SoraVideoPricePerRequest)
-	}
-	if input.SoraVideoPricePerRequestHD != nil {
-		group.SoraVideoPricePerRequestHD = normalizePrice(input.SoraVideoPricePerRequestHD)
-	}
-	if input.SoraStorageQuotaBytes != nil {
-		group.SoraStorageQuotaBytes = *input.SoraStorageQuotaBytes
-	}
 	// Claude Code 客户端限制
 	if input.ClaudeCodeOnly != nil {
@@ -1566,18 +1510,6 @@ func (s *adminServiceImpl) CreateAccount(ctx context.Context, input *CreateAccou
 		}
 	}
-	// Sora apikey 账号的 base_url 必填校验
-	if input.Platform == PlatformSora && input.Type == AccountTypeAPIKey {
-		baseURL, _ := input.Credentials["base_url"].(string)
-		baseURL = strings.TrimSpace(baseURL)
-		if baseURL == "" {
-			return nil, errors.New("sora apikey 账号必须设置 base_url")
-		}
-		if !strings.HasPrefix(baseURL, "http://") && !strings.HasPrefix(baseURL, "https://") {
-			return nil, errors.New("base_url 必须以 http:// 或 https:// 开头")
-		}
-	}
 	account := &Account{
 		Name:        input.Name,
 		Notes:       normalizeAccountNotes(input.Notes),
@@ -1623,18 +1555,6 @@ func (s *adminServiceImpl) CreateAccount(ctx context.Context, input *CreateAccou
 		return nil, err
 	}
-	// 如果是 Sora 平台账号，自动创建 sora_accounts 扩展表记录
-	if account.Platform == PlatformSora && s.soraAccountRepo != nil {
-		soraUpdates := map[string]any{
-			"access_token":  account.GetCredential("access_token"),
-			"refresh_token": account.GetCredential("refresh_token"),
-		}
-		if err := s.soraAccountRepo.Upsert(ctx, account.ID, soraUpdates); err != nil {
-			// 只记录警告日志，不阻塞账号创建
-			logger.LegacyPrintf("service.admin", "[AdminService] 创建 sora_accounts 记录失败: account_id=%d err=%v", account.ID, err)
-		}
-	}
 	// 绑定分组
 	if len(groupIDs) > 0 {
 		if err := s.accountRepo.BindGroups(ctx, account.ID, groupIDs); err != nil {
@@ -1763,18 +1683,6 @@ func (s *adminServiceImpl) UpdateAccount(ctx context.Context, id int64, input *U
 		account.AutoPauseOnExpired = *input.AutoPauseOnExpired
 	}
-	// Sora apikey 账号的 base_url 必填校验
-	if account.Platform == PlatformSora && account.Type == AccountTypeAPIKey {
-		baseURL, _ := account.Credentials["base_url"].(string)
-		baseURL = strings.TrimSpace(baseURL)
-		if baseURL == "" {
-			return nil, errors.New("sora apikey 账号必须设置 base_url")
-		}
-		if !strings.HasPrefix(baseURL, "http://") && !strings.HasPrefix(baseURL, "https://") {
-			return nil, errors.New("base_url 必须以 http:// 或 https:// 开头")
-		}
-	}
 	// 先验证分组是否存在（在任何写操作之前）
 	if input.GroupIDs != nil {
 		if err := s.validateGroupIDsExist(ctx, *input.GroupIDs); err != nil {
@@ -2377,10 +2285,11 @@ func runProxyQualityTarget(ctx context.Context, client *http.Client, target prox
 		body = body[:proxyQualityMaxBodyBytes]
 	}
-	if target.Target == "sora" && soraerror.IsCloudflareChallengeResponse(resp.StatusCode, resp.Header, body) {
+	// Cloudflare challenge 检测
+	if httputil.IsCloudflareChallengeResponse(resp.StatusCode, resp.Header, body) {
 		item.Status = "challenge"
-		item.CFRay = soraerror.ExtractCloudflareRayID(resp.Header, body)
+		item.CFRay = httputil.ExtractCloudflareRayID(resp.Header, body)
-		item.Message = "Sora 命中 Cloudflare challenge"
+		item.Message = "命中 Cloudflare challenge"
 		return item
 	}

--- a/backend/internal/service/admin_service_proxy_quality_test.go
+++ b/backend/internal/service/admin_service_proxy_quality_test.go
@@ -27,7 +27,7 @@ func TestFinalizeProxyQualityResult_ScoreAndGrade(t *testing.T) {
 	require.Contains(t, result.Summary, "挑战 1 项")
 }
-func TestRunProxyQualityTarget_SoraChallenge(t *testing.T) {
+func TestRunProxyQualityTarget_CloudflareChallenge(t *testing.T) {
 	server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
 		w.Header().Set("Content-Type", "text/html")
 		w.Header().Set("cf-ray", "test-ray-123")
@@ -37,7 +37,7 @@ func TestRunProxyQualityTarget_SoraChallenge(t *testing.T) {
 	defer server.Close()
 	target := proxyQualityTarget{
-		Target: "sora",
+		Target: "openai",
 		URL:    server.URL,
 		Method: http.MethodGet,
 		AllowedStatuses: map[int]struct{}{

--- a/backend/internal/service/antigravity_smart_retry_test.go
+++ b/backend/internal/service/antigravity_smart_retry_test.go
@@ -5,13 +5,12 @@ package service
 import (
 	"bytes"
 	"context"
+	"github.com/Wei-Shaw/sub2api/internal/pkg/tlsfingerprint"
+	"github.com/stretchr/testify/require"
 	"io"
 	"net/http"
 	"strings"
 	"testing"
-	"github.com/Wei-Shaw/sub2api/internal/pkg/tlsfingerprint"
-	"github.com/stretchr/testify/require"
 )
 // stubSmartRetryCache 用于 handleSmartRetry 测试的 GatewayCache mock
@@ -81,17 +80,12 @@ func (m *mockSmartRetryUpstream) Do(req *http.Request, proxyURL string, accountI
 		m.responseBodies[respIdx] = bodyBytes
 	}
-	// 用缓存的 body 字节重建新的 reader
+	// 用缓存的 body 重建 reader（支持重试场景多次读取）
-	var body io.ReadCloser
+	cloned := *resp
 	if m.responseBodies[respIdx] != nil {
-		body = io.NopCloser(bytes.NewReader(m.responseBodies[respIdx]))
+		cloned.Body = io.NopCloser(bytes.NewReader(m.responseBodies[respIdx]))
 	}
+	return &cloned, respErr
-	return &http.Response{
-		StatusCode: resp.StatusCode,
-		Header:     resp.Header.Clone(),
-		Body:       body,
-	}, respErr
 }
 func (m *mockSmartRetryUpstream) DoWithTLS(req *http.Request, proxyURL string, accountID int64, accountConcurrency int, profile *tlsfingerprint.Profile) (*http.Response, error) {

--- a/backend/internal/service/api_key_auth_cache.go
+++ b/backend/internal/service/api_key_auth_cache.go
@@ -49,10 +49,6 @@ type APIKeyAuthGroupSnapshot struct {
 	ImagePrice1K                    *float64 `json:"image_price_1k,omitempty"`
 	ImagePrice2K                    *float64 `json:"image_price_2k,omitempty"`
 	ImagePrice4K                    *float64 `json:"image_price_4k,omitempty"`
-	SoraImagePrice360               *float64 `json:"sora_image_price_360,omitempty"`
-	SoraImagePrice540               *float64 `json:"sora_image_price_540,omitempty"`
-	SoraVideoPricePerRequest        *float64 `json:"sora_video_price_per_request,omitempty"`
-	SoraVideoPricePerRequestHD      *float64 `json:"sora_video_price_per_request_hd,omitempty"`
 	ClaudeCodeOnly                  bool     `json:"claude_code_only"`
 	FallbackGroupID                 *int64   `json:"fallback_group_id,omitempty"`
 	FallbackGroupIDOnInvalidRequest *int64   `json:"fallback_group_id_on_invalid_request,omitempty"`

--- a/backend/internal/service/api_key_auth_cache_impl.go
+++ b/backend/internal/service/api_key_auth_cache_impl.go
@@ -234,10 +234,6 @@ func (s *APIKeyService) snapshotFromAPIKey(apiKey *APIKey) *APIKeyAuthSnapshot {
 			ImagePrice1K:                    apiKey.Group.ImagePrice1K,
 			ImagePrice2K:                    apiKey.Group.ImagePrice2K,
 			ImagePrice4K:                    apiKey.Group.ImagePrice4K,
-			SoraImagePrice360:               apiKey.Group.SoraImagePrice360,
-			SoraImagePrice540:               apiKey.Group.SoraImagePrice540,
-			SoraVideoPricePerRequest:        apiKey.Group.SoraVideoPricePerRequest,
-			SoraVideoPricePerRequestHD:      apiKey.Group.SoraVideoPricePerRequestHD,
 			ClaudeCodeOnly:                  apiKey.Group.ClaudeCodeOnly,
 			FallbackGroupID:                 apiKey.Group.FallbackGroupID,
 			FallbackGroupIDOnInvalidRequest: apiKey.Group.FallbackGroupIDOnInvalidRequest,
@@ -293,10 +289,6 @@ func (s *APIKeyService) snapshotToAPIKey(key string, snapshot *APIKeyAuthSnapsho
 			ImagePrice1K:                    snapshot.Group.ImagePrice1K,
 			ImagePrice2K:                    snapshot.Group.ImagePrice2K,
 			ImagePrice4K:                    snapshot.Group.ImagePrice4K,
-			SoraImagePrice360:               snapshot.Group.SoraImagePrice360,
-			SoraImagePrice540:               snapshot.Group.SoraImagePrice540,
-			SoraVideoPricePerRequest:        snapshot.Group.SoraVideoPricePerRequest,
-			SoraVideoPricePerRequestHD:      snapshot.Group.SoraVideoPricePerRequestHD,
 			ClaudeCodeOnly:                  snapshot.Group.ClaudeCodeOnly,
 			FallbackGroupID:                 snapshot.Group.FallbackGroupID,
 			FallbackGroupIDOnInvalidRequest: snapshot.Group.FallbackGroupIDOnInvalidRequest,

--- a/backend/internal/service/billing_service.go
+++ b/backend/internal/service/billing_service.go
@@ -808,14 +808,6 @@ type ImagePriceConfig struct {
 	Price4K *float64 // 4K 尺寸价格（nil 表示使用默认值）
 }
-// SoraPriceConfig Sora 按次计费配置
-type SoraPriceConfig struct {
-	ImagePrice360          *float64
-	ImagePrice540          *float64
-	VideoPricePerRequest   *float64
-	VideoPricePerRequestHD *float64
-}
 // CalculateImageCost 计算图片生成费用
 // model: 请求的模型名称（用于获取 LiteLLM 默认价格）
 // imageSize: 图片尺寸 "1K", "2K", "4K"
@@ -846,65 +838,6 @@ func (s *BillingService) CalculateImageCost(model string, imageSize string, imag
 	}
 }
-// CalculateSoraImageCost 计算 Sora 图片按次费用
-func (s *BillingService) CalculateSoraImageCost(imageSize string, imageCount int, groupConfig *SoraPriceConfig, rateMultiplier float64) *CostBreakdown {
-	if imageCount <= 0 {
-		return &CostBreakdown{}
-	}
-	unitPrice := 0.0
-	if groupConfig != nil {
-		switch imageSize {
-		case "540":
-			if groupConfig.ImagePrice540 != nil {
-				unitPrice = *groupConfig.ImagePrice540
-			}
-		default:
-			if groupConfig.ImagePrice360 != nil {
-				unitPrice = *groupConfig.ImagePrice360
-			}
-		}
-	}
-	totalCost := unitPrice * float64(imageCount)
-	if rateMultiplier <= 0 {
-		rateMultiplier = 1.0
-	}
-	actualCost := totalCost * rateMultiplier
-	return &CostBreakdown{
-		TotalCost:  totalCost,
-		ActualCost: actualCost,
-	}
-}
-// CalculateSoraVideoCost 计算 Sora 视频按次费用
-func (s *BillingService) CalculateSoraVideoCost(model string, groupConfig *SoraPriceConfig, rateMultiplier float64) *CostBreakdown {
-	unitPrice := 0.0
-	if groupConfig != nil {
-		modelLower := strings.ToLower(model)
-		if strings.Contains(modelLower, "sora2pro-hd") {
-			if groupConfig.VideoPricePerRequestHD != nil {
-				unitPrice = *groupConfig.VideoPricePerRequestHD
-			}
-		}
-		if unitPrice <= 0 && groupConfig.VideoPricePerRequest != nil {
-			unitPrice = *groupConfig.VideoPricePerRequest
-		}
-	}
-	totalCost := unitPrice
-	if rateMultiplier <= 0 {
-		rateMultiplier = 1.0
-	}
-	actualCost := totalCost * rateMultiplier
-	return &CostBreakdown{
-		TotalCost:  totalCost,
-		ActualCost: actualCost,
-	}
-}
 // getImageUnitPrice 获取图片单价
 func (s *BillingService) getImageUnitPrice(model string, imageSize string, groupConfig *ImagePriceConfig) float64 {
 	// 优先使用分组配置的价格

--- a/backend/internal/service/billing_service_test.go
+++ b/backend/internal/service/billing_service_test.go
@@ -363,28 +363,6 @@ func TestCalculateImageCost(t *testing.T) {
 	require.InDelta(t, 0.134*3, cost.ActualCost, 1e-10)
 }
-func TestCalculateSoraVideoCost(t *testing.T) {
-	svc := newTestBillingService()
-	price := 0.5
-	cfg := &SoraPriceConfig{VideoPricePerRequest: &price}
-	cost := svc.CalculateSoraVideoCost("sora-video", cfg, 1.0)
-	require.InDelta(t, 0.5, cost.TotalCost, 1e-10)
-}
-func TestCalculateSoraVideoCost_HDModel(t *testing.T) {
-	svc := newTestBillingService()
-	hdPrice := 1.0
-	normalPrice := 0.5
-	cfg := &SoraPriceConfig{
-		VideoPricePerRequest:   &normalPrice,
-		VideoPricePerRequestHD: &hdPrice,
-	}
-	cost := svc.CalculateSoraVideoCost("sora2pro-hd", cfg, 1.0)
-	require.InDelta(t, 1.0, cost.TotalCost, 1e-10)
-}
 func TestIsModelSupported(t *testing.T) {
 	svc := newTestBillingService()
@@ -464,33 +442,6 @@ func TestForceUpdatePricing_NilService(t *testing.T) {
 	require.Contains(t, err.Error(), "not initialized")
 }
-func TestCalculateSoraImageCost(t *testing.T) {
-	svc := newTestBillingService()
-	price360 := 0.05
-	price540 := 0.08
-	cfg := &SoraPriceConfig{ImagePrice360: &price360, ImagePrice540: &price540}
-	cost := svc.CalculateSoraImageCost("360", 2, cfg, 1.0)
-	require.InDelta(t, 0.10, cost.TotalCost, 1e-10)
-	cost540 := svc.CalculateSoraImageCost("540", 1, cfg, 2.0)
-	require.InDelta(t, 0.08, cost540.TotalCost, 1e-10)
-	require.InDelta(t, 0.16, cost540.ActualCost, 1e-10)
-}
-func TestCalculateSoraImageCost_ZeroCount(t *testing.T) {
-	svc := newTestBillingService()
-	cost := svc.CalculateSoraImageCost("360", 0, nil, 1.0)
-	require.Equal(t, 0.0, cost.TotalCost)
-}
-func TestCalculateSoraVideoCost_NilConfig(t *testing.T) {
-	svc := newTestBillingService()
-	cost := svc.CalculateSoraVideoCost("sora-video", nil, 1.0)
-	require.Equal(t, 0.0, cost.TotalCost)
-}
 func TestCalculateCostWithLongContext_PropagatesError(t *testing.T) {
 	// 使用空的 fallback prices 让 GetModelPricing 失败
 	svc := &BillingService{

--- a/backend/internal/service/domain_constants.go
+++ b/backend/internal/service/domain_constants.go
@@ -24,7 +24,6 @@ const (
 	PlatformOpenAI      = domain.PlatformOpenAI
 	PlatformGemini      = domain.PlatformGemini
 	PlatformAntigravity = domain.PlatformAntigravity
-	PlatformSora        = domain.PlatformSora
 )
 // Account type constants
@@ -107,7 +106,6 @@ const (
 	SettingKeyLinuxDoConnectRedirectURL  = "linuxdo_connect_redirect_url"
 	// OEM设置
-	SettingKeySoraClientEnabled           = "sora_client_enabled"           // 是否启用 Sora 客户端（管理员手动控制）
 	SettingKeySiteName                    = "site_name"                     // 网站名称
 	SettingKeySiteLogo                    = "site_logo"                     // 网站Logo (base64)
 	SettingKeySiteSubtitle                = "site_subtitle"                 // 网站副标题
@@ -199,27 +197,6 @@ const (
 	// SettingKeyBetaPolicySettings stores JSON config for beta policy rules.
 	SettingKeyBetaPolicySettings = "beta_policy_settings"
-	// =========================
-	// Sora S3 存储配置
-	// =========================
-	SettingKeySoraS3Enabled         = "sora_s3_enabled"           // 是否启用 Sora S3 存储
-	SettingKeySoraS3Endpoint        = "sora_s3_endpoint"          // S3 端点地址
-	SettingKeySoraS3Region          = "sora_s3_region"            // S3 区域
-	SettingKeySoraS3Bucket          = "sora_s3_bucket"            // S3 存储桶名称
-	SettingKeySoraS3AccessKeyID     = "sora_s3_access_key_id"     // S3 Access Key ID
-	SettingKeySoraS3SecretAccessKey = "sora_s3_secret_access_key" // S3 Secret Access Key（加密存储）
-	SettingKeySoraS3Prefix          = "sora_s3_prefix"            // S3 对象键前缀
-	SettingKeySoraS3ForcePathStyle  = "sora_s3_force_path_style"  // 是否强制 Path Style（兼容 MinIO 等）
-	SettingKeySoraS3CDNURL          = "sora_s3_cdn_url"           // CDN 加速 URL（可选）
-	SettingKeySoraS3Profiles        = "sora_s3_profiles"          // Sora S3 多配置（JSON）
-	// =========================
-	// Sora 用户存储配额
-	// =========================
-	SettingKeySoraDefaultStorageQuotaBytes = "sora_default_storage_quota_bytes" // 新用户默认 Sora 存储配额（字节）
 	// =========================
 	// Claude Code Version Check
 	// =========================

--- a/backend/internal/service/gateway_service.go
+++ b/backend/internal/service/gateway_service.go
@@ -60,13 +60,6 @@ const (
 	claudeMimicDebugInfoKey = "claude_mimic_debug_info"
 )
-// MediaType 媒体类型常量
-const (
-	MediaTypeImage  = "image"
-	MediaTypeVideo  = "video"
-	MediaTypePrompt = "prompt"
-)
 // ForceCacheBillingContextKey 强制缓存计费上下文键
 // 用于粘性会话切换时，将 input_tokens 转为 cache_read_input_tokens 计费
 type forceCacheBillingKeyType struct{}
@@ -511,9 +504,6 @@ type ForwardResult struct {
 	ImageCount int    // 生成的图片数量
 	ImageSize  string // 图片尺寸 "1K", "2K", "4K"
-	// Sora 媒体字段
-	MediaType string // image / video / prompt
-	MediaURL  string // 生成后的媒体地址（可选）
 }
 // UpstreamFailoverError indicates an upstream error that should trigger account failover.
@@ -1971,9 +1961,6 @@ func (s *GatewayService) resolvePlatform(ctx context.Context, groupID *int64, gr
 }
 func (s *GatewayService) listSchedulableAccounts(ctx context.Context, groupID *int64, platform string, hasForcePlatform bool) ([]Account, bool, error) {
-	if platform == PlatformSora {
-		return s.listSoraSchedulableAccounts(ctx, groupID)
-	}
 	if s.schedulerSnapshot != nil {
 		accounts, useMixed, err := s.schedulerSnapshot.ListSchedulableAccounts(ctx, groupID, platform, hasForcePlatform)
 		if err == nil {
@@ -2070,53 +2057,6 @@ func (s *GatewayService) listSchedulableAccounts(ctx context.Context, groupID *i
 	return accounts, useMixed, nil
 }
-func (s *GatewayService) listSoraSchedulableAccounts(ctx context.Context, groupID *int64) ([]Account, bool, error) {
-	const useMixed = false
-	var accounts []Account
-	var err error
-	if s.cfg != nil && s.cfg.RunMode == config.RunModeSimple {
-		accounts, err = s.accountRepo.ListByPlatform(ctx, PlatformSora)
-	} else if groupID != nil {
-		accounts, err = s.accountRepo.ListByGroup(ctx, *groupID)
-	} else {
-		accounts, err = s.accountRepo.ListByPlatform(ctx, PlatformSora)
-	}
-	if err != nil {
-		slog.Debug("account_scheduling_list_failed",
-			"group_id", derefGroupID(groupID),
-			"platform", PlatformSora,
-			"error", err)
-		return nil, useMixed, err
-	}
-	filtered := make([]Account, 0, len(accounts))
-	for _, acc := range accounts {
-		if acc.Platform != PlatformSora {
-			continue
-		}
-		if !s.isSoraAccountSchedulable(&acc) {
-			continue
-		}
-		filtered = append(filtered, acc)
-	}
-	slog.Debug("account_scheduling_list_sora",
-		"group_id", derefGroupID(groupID),
-		"platform", PlatformSora,
-		"raw_count", len(accounts),
-		"filtered_count", len(filtered))
-	for _, acc := range filtered {
-		slog.Debug("account_scheduling_account_detail",
-			"account_id", acc.ID,
-			"name", acc.Name,
-			"platform", acc.Platform,
-			"type", acc.Type,
-			"status", acc.Status,
-			"tls_fingerprint", acc.IsTLSFingerprintEnabled())
-	}
-	return filtered, useMixed, nil
-}
 // IsSingleAntigravityAccountGroup 检查指定分组是否只有一个 antigravity 平台的可调度账号。
 // 用于 Handler 层在首次请求时提前设置 SingleAccountRetry context，
 // 避免单账号分组收到 503 时错误地设置模型限流标记导致后续请求连续快速失败。
@@ -2141,33 +2081,10 @@ func (s *GatewayService) isAccountAllowedForPlatform(account *Account, platform
 	return account.Platform == platform
 }
-func (s *GatewayService) isSoraAccountSchedulable(account *Account) bool {
-	return s.soraUnschedulableReason(account) == ""
-}
-func (s *GatewayService) soraUnschedulableReason(account *Account) string {
-	if account == nil {
-		return "account_nil"
-	}
-	if account.Status != StatusActive {
-		return fmt.Sprintf("status=%s", account.Status)
-	}
-	if !account.Schedulable {
-		return "schedulable=false"
-	}
-	if account.TempUnschedulableUntil != nil && time.Now().Before(*account.TempUnschedulableUntil) {
-		return fmt.Sprintf("temp_unschedulable_until=%s", account.TempUnschedulableUntil.UTC().Format(time.RFC3339))
-	}
-	return ""
-}
 func (s *GatewayService) isAccountSchedulableForSelection(account *Account) bool {
 	if account == nil {
 		return false
 	}
-	if account.Platform == PlatformSora {
-		return s.isSoraAccountSchedulable(account)
-	}
 	return account.IsSchedulable()
 }
@@ -2175,12 +2092,6 @@ func (s *GatewayService) isAccountSchedulableForModelSelection(ctx context.Conte
 	if account == nil {
 		return false
 	}
-	if account.Platform == PlatformSora {
-		if !s.isSoraAccountSchedulable(account) {
-			return false
-		}
-		return account.GetRateLimitRemainingTimeWithContext(ctx, requestedModel) <= 0
-	}
 	return account.IsSchedulableForModelWithContext(ctx, requestedModel)
 }
@@ -3357,9 +3268,6 @@ func (s *GatewayService) logDetailedSelectionFailure(
 		stats.SampleMappingIDs,
 		stats.SampleRateLimitIDs,
 	)
-	if platform == PlatformSora {
-		s.logSoraSelectionFailureDetails(ctx, groupID, sessionHash, requestedModel, accounts, excludedIDs, allowMixedScheduling)
-	}
 	return stats
 }
@@ -3416,11 +3324,7 @@ func (s *GatewayService) diagnoseSelectionFailure(
 		return selectionFailureDiagnosis{Category: "excluded"}
 	}
 	if !s.isAccountSchedulableForSelection(acc) {
-		detail := "generic_unschedulable"
+		return selectionFailureDiagnosis{Category: "unschedulable", Detail: "generic_unschedulable"}
-		if acc.Platform == PlatformSora {
-			detail = s.soraUnschedulableReason(acc)
-		}
-		return selectionFailureDiagnosis{Category: "unschedulable", Detail: detail}
 	}
 	if isPlatformFilteredForSelection(acc, platform, allowMixedScheduling) {
 		return selectionFailureDiagnosis{
@@ -3444,57 +3348,6 @@ func (s *GatewayService) diagnoseSelectionFailure(
 	return selectionFailureDiagnosis{Category: "eligible"}
 }
-func (s *GatewayService) logSoraSelectionFailureDetails(
-	ctx context.Context,
-	groupID *int64,
-	sessionHash string,
-	requestedModel string,
-	accounts []Account,
-	excludedIDs map[int64]struct{},
-	allowMixedScheduling bool,
-) {
-	const maxLines = 30
-	logged := 0
-	for i := range accounts {
-		if logged >= maxLines {
-			break
-		}
-		acc := &accounts[i]
-		diagnosis := s.diagnoseSelectionFailure(ctx, acc, requestedModel, PlatformSora, excludedIDs, allowMixedScheduling)
-		if diagnosis.Category == "eligible" {
-			continue
-		}
-		detail := diagnosis.Detail
-		if detail == "" {
-			detail = "-"
-		}
-		logger.LegacyPrintf(
-			"service.gateway",
-			"[SelectAccountDetailed:Sora] group_id=%v model=%s session=%s account_id=%d account_platform=%s category=%s detail=%s",
-			derefGroupID(groupID),
-			requestedModel,
-			shortSessionHash(sessionHash),
-			acc.ID,
-			acc.Platform,
-			diagnosis.Category,
-			detail,
-		)
-		logged++
-	}
-	if len(accounts) > maxLines {
-		logger.LegacyPrintf(
-			"service.gateway",
-			"[SelectAccountDetailed:Sora] group_id=%v model=%s session=%s truncated=true total=%d logged=%d",
-			derefGroupID(groupID),
-			requestedModel,
-			shortSessionHash(sessionHash),
-			len(accounts),
-			logged,
-		)
-	}
-}
 func isPlatformFilteredForSelection(acc *Account, platform string, allowMixedScheduling bool) bool {
 	if acc == nil {
 		return true
@@ -3573,9 +3426,6 @@ func (s *GatewayService) isModelSupportedByAccount(account *Account, requestedMo
 		}
 		return mapAntigravityModel(account, requestedModel) != ""
 	}
-	if account.Platform == PlatformSora {
-		return s.isSoraModelSupportedByAccount(account, requestedModel)
-	}
 	if account.IsBedrock() {
 		_, ok := ResolveBedrockModelID(account, requestedModel)
 		return ok
@@ -3588,143 +3438,6 @@ func (s *GatewayService) isModelSupportedByAccount(account *Account, requestedMo
 	return account.IsModelSupported(requestedModel)
 }
-func (s *GatewayService) isSoraModelSupportedByAccount(account *Account, requestedModel string) bool {
-	if account == nil {
-		return false
-	}
-	if strings.TrimSpace(requestedModel) == "" {
-		return true
-	}
-	// 先走原始精确/通配符匹配。
-	mapping := account.GetModelMapping()
-	if len(mapping) == 0 || account.IsModelSupported(requestedModel) {
-		return true
-	}
-	aliases := buildSoraModelAliases(requestedModel)
-	if len(aliases) == 0 {
-		return false
-	}
-	hasSoraSelector := false
-	for pattern := range mapping {
-		if !isSoraModelSelector(pattern) {
-			continue
-		}
-		hasSoraSelector = true
-		if matchPatternAnyAlias(pattern, aliases) {
-			return true
-		}
-	}
-	// 兼容旧账号：mapping 存在但未配置任何 Sora 选择器（例如只含 gpt-*），
-	// 此时不应误拦截 Sora 模型请求。
-	if !hasSoraSelector {
-		return true
-	}
-	return false
-}
-func matchPatternAnyAlias(pattern string, aliases []string) bool {
-	normalizedPattern := strings.ToLower(strings.TrimSpace(pattern))
-	if normalizedPattern == "" {
-		return false
-	}
-	for _, alias := range aliases {
-		if matchWildcard(normalizedPattern, alias) {
-			return true
-		}
-	}
-	return false
-}
-func isSoraModelSelector(pattern string) bool {
-	p := strings.ToLower(strings.TrimSpace(pattern))
-	if p == "" {
-		return false
-	}
-	switch {
-	case strings.HasPrefix(p, "sora"),
-		strings.HasPrefix(p, "gpt-image"),
-		strings.HasPrefix(p, "prompt-enhance"),
-		strings.HasPrefix(p, "sy_"):
-		return true
-	}
-	return p == "video" || p == "image"
-}
-func buildSoraModelAliases(requestedModel string) []string {
-	modelID := strings.ToLower(strings.TrimSpace(requestedModel))
-	if modelID == "" {
-		return nil
-	}
-	aliases := make([]string, 0, 8)
-	addAlias := func(value string) {
-		v := strings.ToLower(strings.TrimSpace(value))
-		if v == "" {
-			return
-		}
-		for _, existing := range aliases {
-			if existing == v {
-				return
-			}
-		}
-		aliases = append(aliases, v)
-	}
-	addAlias(modelID)
-	cfg, ok := GetSoraModelConfig(modelID)
-	if ok {
-		addAlias(cfg.Model)
-		switch cfg.Type {
-		case "video":
-			addAlias("video")
-			addAlias("sora")
-			addAlias(soraVideoFamilyAlias(modelID))
-		case "image":
-			addAlias("image")
-			addAlias("gpt-image")
-		case "prompt_enhance":
-			addAlias("prompt-enhance")
-		}
-		return aliases
-	}
-	switch {
-	case strings.HasPrefix(modelID, "sora"):
-		addAlias("video")
-		addAlias("sora")
-		addAlias(soraVideoFamilyAlias(modelID))
-	case strings.HasPrefix(modelID, "gpt-image"):
-		addAlias("image")
-		addAlias("gpt-image")
-	case strings.HasPrefix(modelID, "prompt-enhance"):
-		addAlias("prompt-enhance")
-	default:
-		return nil
-	}
-	return aliases
-}
-func soraVideoFamilyAlias(modelID string) string {
-	switch {
-	case strings.HasPrefix(modelID, "sora2pro-hd"):
-		return "sora2pro-hd"
-	case strings.HasPrefix(modelID, "sora2pro"):
-		return "sora2pro"
-	case strings.HasPrefix(modelID, "sora2"):
-		return "sora2"
-	default:
-		return ""
-	}
-}
 // GetAccessToken 获取账号凭证
 func (s *GatewayService) GetAccessToken(ctx context.Context, account *Account) (string, string, error) {
 	switch account.Type {
@@ -7592,9 +7305,6 @@ func buildUsageBillingCommand(requestID string, usageLog *UsageLog, p *postUsage
 		cmd.CacheCreationTokens = usageLog.CacheCreationTokens
 		cmd.CacheReadTokens = usageLog.CacheReadTokens
 		cmd.ImageCount = usageLog.ImageCount
-		if usageLog.MediaType != nil {
-			cmd.MediaType = *usageLog.MediaType
-		}
 		if usageLog.ServiceTier != nil {
 			cmd.ServiceTier = *usageLog.ServiceTier
 		}
@@ -7750,8 +7460,6 @@ type recordUsageOpts struct {
 	// EnableClaudePath 启用 Claude 路径特有逻辑：
 	// - Claude Max 缓存计费策略
-	// - Sora 媒体类型分支（image/video/prompt）
-	// - MediaType 字段写入使用日志
 	EnableClaudePath bool
 	// 长上下文计费（仅 Gemini 路径需要）
@@ -7842,7 +7550,6 @@ type recordUsageCoreInput struct {
 // recordUsageCore 是 RecordUsage 和 RecordUsageWithLongContext 的统一实现。
 // opts 中的字段控制两者之间的差异行为：
 // - ParsedRequest != nil → 启用 Claude Max 缓存计费策略
-// - EnableSoraMedia → 启用 Sora MediaType 分支（image/video/prompt）
 // - LongContextThreshold > 0 → Token 计费回退走 CalculateCostWithLongContext
 func (s *GatewayService) recordUsageCore(ctx context.Context, input *recordUsageCoreInput, opts *recordUsageOpts) error {
 	result := input.Result
@@ -7944,16 +7651,6 @@ func (s *GatewayService) calculateRecordUsageCost(
 	multiplier float64,
 	opts *recordUsageOpts,
 ) *CostBreakdown {
-	// Sora 媒体类型分支（仅 Claude 路径启用）
-	if opts.EnableClaudePath {
-		if result.MediaType == MediaTypeImage || result.MediaType == MediaTypeVideo {
-			return s.calculateSoraMediaCost(result, apiKey, billingModel, multiplier)
-		}
-		if result.MediaType == MediaTypePrompt {
-			return &CostBreakdown{}
-		}
-	}
 	// 图片生成计费
 	if result.ImageCount > 0 {
 		return s.calculateImageCost(ctx, result, apiKey, billingModel, multiplier)
@@ -7963,28 +7660,6 @@ func (s *GatewayService) calculateRecordUsageCost(
 	return s.calculateTokenCost(ctx, result, apiKey, billingModel, multiplier, opts)
 }
-// calculateSoraMediaCost 计算 Sora 图片/视频的费用。
-func (s *GatewayService) calculateSoraMediaCost(
-	result *ForwardResult,
-	apiKey *APIKey,
-	billingModel string,
-	multiplier float64,
-) *CostBreakdown {
-	var soraConfig *SoraPriceConfig
-	if apiKey.Group != nil {
-		soraConfig = &SoraPriceConfig{
-			ImagePrice360:          apiKey.Group.SoraImagePrice360,
-			ImagePrice540:          apiKey.Group.SoraImagePrice540,
-			VideoPricePerRequest:   apiKey.Group.SoraVideoPricePerRequest,
-			VideoPricePerRequestHD: apiKey.Group.SoraVideoPricePerRequestHD,
-		}
-	}
-	if result.MediaType == MediaTypeImage {
-		return s.billingService.CalculateSoraImageCost(result.ImageSize, result.ImageCount, soraConfig, multiplier)
-	}
-	return s.billingService.CalculateSoraVideoCost(billingModel, soraConfig, multiplier)
-}
 // resolveChannelPricing 检查指定模型是否存在渠道级别定价。
 // 返回非 nil 的 ResolvedPricing 表示有渠道定价，nil 表示走默认定价路径。
 func (s *GatewayService) resolveChannelPricing(ctx context.Context, billingModel string, apiKey *APIKey) *ResolvedPricing {
@@ -8133,13 +7808,12 @@ func (s *GatewayService) buildRecordUsageLog(
 		RateMultiplier:        multiplier,
 		AccountRateMultiplier: &accountRateMultiplier,
 		BillingType:           billingType,
-		BillingMode:           resolveBillingMode(opts, result, cost),
+		BillingMode:           resolveBillingMode(result, cost),
 		Stream:                result.Stream,
 		DurationMs:            &durationMs,
 		FirstTokenMs:          result.FirstTokenMs,
 		ImageCount:            result.ImageCount,
 		ImageSize:             optionalTrimmedStringPtr(result.ImageSize),
-		MediaType:             resolveMediaType(opts, result),
 		CacheTTLOverridden:    cacheTTLOverridden,
 		ChannelID:             optionalInt64Ptr(input.ChannelID),
 		ModelMappingChain:     optionalTrimmedStringPtr(input.ModelMappingChain),
@@ -8163,13 +7837,7 @@ func (s *GatewayService) buildRecordUsageLog(
 }
 // resolveBillingMode 根据计费结果和请求类型确定计费模式。
-// Sora 媒体类型自身已确定计费模式（由上游处理），返回 nil 跳过。
+func resolveBillingMode(result *ForwardResult, cost *CostBreakdown) *string {
-func resolveBillingMode(opts *recordUsageOpts, result *ForwardResult, cost *CostBreakdown) *string {
-	isSoraMedia := opts.EnableClaudePath &&
-		(result.MediaType == MediaTypeImage || result.MediaType == MediaTypeVideo || result.MediaType == MediaTypePrompt)
-	if isSoraMedia {
-		return nil
-	}
 	var mode string
 	switch {
 	case cost != nil && cost.BillingMode != "":
@@ -8182,13 +7850,6 @@ func resolveBillingMode(opts *recordUsageOpts, result *ForwardResult, cost *Cost
 	return &mode
 }
-func resolveMediaType(opts *recordUsageOpts, result *ForwardResult) *string {
-	if opts.EnableClaudePath && strings.TrimSpace(result.MediaType) != "" {
-		return &result.MediaType
-	}
-	return nil
-}
 func optionalSubscriptionID(subscription *UserSubscription) *int64 {
 	if subscription != nil {
 		return &subscription.ID