fix: update initial authentication index handling to use -1 for no active account

Author: bbbugg

.env.example

@@ -40,7 +40,7 @@ RATE_LIMIT_MAX_ATTEMPTS=5
 RATE_LIMIT_WINDOW_MINUTES=15
 
 # Initial authentication index to use on startup
-INITIAL_AUTH_INDEX=1
+INITIAL_AUTH_INDEX=0
 
 # ===================================
 # UI Configuration

README.md

@@ -48,47 +48,9 @@ The API server will be available at `http://localhost:7860`
 
 ### ☁ Cloud Deployment (Linux VPS)
 
-For production deployment on a server (Linux VPS), you need to extract authentication credentials from a Windows machine first.
+For production deployment on a server (Linux VPS), you can now deploy directly using Docker without pre-extracting authentication credentials.
 
-#### 📝 Step 1: Extract Authentication Credentials (on Windows)
-
-1. Clone the repository on a Windows machine:
-
-```powershell
-git clone https://github.com/iBenzene/AIStudioToAPI.git
-cd AIStudioToAPI
-```
-
-2. Run the setup script:
-
-```powershell
-npm run setup-auth
-```
-
-This will:
-
-- Download Camoufox browser automatically
-- Launch the browser and navigate to AI Studio automatically
-- Log in with your Google account
-- Save authentication credentials to `configs/auth/auth-N.json` (where N is an auto-incremented index starting from 0)
-
-**How it works**: The script uses browser automation to capture your AI Studio session cookies and tokens, storing them securely in a JSON file. The authentication file is named with an auto-incremented index (auth-0.json, auth-1.json, etc.) to support multiple accounts. This allows the API to make authenticated requests to AI Studio without requiring interactive login on the server.
-
-3. Locate the authentication file:
-
-```powershell
-ls configs/auth/auth-*.json
-```
-
-4. Copy the auth file to your server:
-
-```powershell
-scp configs/auth/auth-*.json user@your-server:/path/to/deployment/configs/auth/
-```
-
-5. You can now delete the cloned repository from your Windows machine.
-
-#### 🚢 Step 2: Deploy on Server
+#### 🚢 Step 1: Deploy on Server
 
 ##### 🐋 Option 1: Docker Command
 
@@ -149,7 +111,25 @@ Stop the service:
 sudo docker compose down
 ```
 
-##### 🌐 Step 3 (Optional): Nginx Reverse Proxy
+#### 🔑 Step 2: Account Management
+
+After deployment, you need to add Google accounts using one of these methods:
+
+**Method 1: VNC-Based Login (Recommended)**
+
+- Visit the homepage and click the "Add User" button
+- You'll be redirected to a VNC page with a browser instance
+- Log in to your Google account
+- The account will be automatically saved as `auth-N.json` (N starts from 0)
+
+**Method 2: Upload Auth Files (Legacy)**
+
+- Run `npm run setup-auth` on a Windows machine to generate auth files
+- Upload `auth-N.json` files (N starts from 0) to the mounted `/path/to/auth` directory
+
+> **Note**: Environment variable-based auth injection is no longer supported.
+
+#### 🌐 Step 3 (Optional): Nginx Reverse Proxy
 
 If you need to access via a domain name or want unified management at the reverse proxy layer (e.g., configure HTTPS, load balancing, etc.), you can use Nginx.
 
@@ -194,7 +174,7 @@ This endpoint is forwarded to the official Gemini API format endpoint.
 
 | Variable                        | Description                                                                                          | Default   |
 | :------------------------------ | :--------------------------------------------------------------------------------------------------- | :-------- |
-| `INITIAL_AUTH_INDEX`            | Initial authentication index to use on startup.                                                      | `1`       |
+| `INITIAL_AUTH_INDEX`            | Initial authentication index to use on startup.                                                      | `0`       |
 | `MAX_RETRIES`                   | Maximum number of retries for failed requests (only effective for fake streaming and non-streaming). | `3`       |
 | `RETRY_DELAY`                   | Delay between retries in milliseconds.                                                               | `2000`    |
 | `SWITCH_ON_USES`                | Number of requests before automatically switching accounts (0 to disable).                           | `40`      |

README_CN.md

@@ -48,47 +48,9 @@ API 服务将在 `http://localhost:7860` 上运行。
 
 ### ☁ 云端部署（Linux VPS）
 
-在生产环境中部署到服务器（Linux VPS）时，需要先从 Windows 机器中提取身份验证凭据。
+在生产环境中部署到服务器（Linux VPS）时，现在可以直接使用 Docker 部署，无需预先提取身份验证凭据。
 
-#### 📝 步骤 1：提取身份验证凭据（在 Windows 上）
-
-1. 在 Windows 机器上克隆仓库：
-
-```powershell
-git clone https://github.com/iBenzene/AIStudioToAPI.git
-cd AIStudioToAPI
-```
-
-2. 运行设置脚本：
-
-```powershell
-npm run setup-auth
-```
-
-这将：
-
-- 自动下载 Camoufox 浏览器
-- 启动浏览器并自动导航到 AI Studio
-- 手动登录你的 Google 账号
-- 将身份验证凭据保存到 `configs/auth/auth-N.json`（其中 N 是从 0 开始自动递增的索引）
-
-**工作原理**：脚本使用浏览器自动化技术捕获您的 AI Studio 会话 Cookie 和令牌，并将它们安全地存储在 JSON 文件中。认证文件使用自动递增的索引命名（auth-0.json、auth-1.json 等）以支持多个账号。这样 API 就可以在服务器上进行经过身份验证的请求，而无需交互式登录。
-
-3. 找到身份验证文件：
-
-```powershell
-ls configs/auth/auth-*.json
-```
-
-4. 将认证文件复制到服务器：
-
-```powershell
-scp configs/auth/auth-*.json user@your-server:/path/to/deployment/configs/auth/
-```
-
-5. 现在可以从 Windows 机器中删除克隆的仓库了。
-
-#### 🚢 步骤 2：部署到服务器
+#### 🚢 步骤 1：部署到服务器
 
 ##### 🐋 方式 1：Docker 命令
 
@@ -149,7 +111,25 @@ sudo docker compose logs -f
 sudo docker compose down
 ```
 
-##### 🌐 步骤 3（可选）：使用 Nginx 反向代理
+#### 🔑 步骤 2：账户管理
+
+部署后，您需要使用以下方式之一添加 Google 账户：
+
+**方法 1：VNC 登录（推荐）**
+
+- 访问主页并点击"添加账户"按钮
+- 将跳转到 VNC 页面，显示浏览器实例
+- 登录您的 Google 账户
+- 账户将自动保存为 `auth-N.json`（N 从 0 开始）
+
+**方法 2：上传认证文件（传统方式）**
+
+- 在 Windows 机器上运行 `npm run setup-auth` 生成认证文件
+- 将 `auth-N.json` 文件（N 从 0 开始）上传到挂载的 `/path/to/auth` 目录
+
+> **注意**：不再支持通过环境变量注入认证信息。
+
+#### 🌐 步骤 3（可选）：使用 Nginx 反向代理
 
 如果需要通过域名访问或希望在反向代理层统一管理（例如配置 HTTPS、负载均衡等），可以使用 Nginx。
 
@@ -194,7 +174,7 @@ sudo docker compose down
 
 | 变量名                          | 描述                                                 | 默认值    |
 | :------------------------------ | :--------------------------------------------------- | :-------- |
-| `INITIAL_AUTH_INDEX`            | 启动时使用的初始身份验证索引。                       | `1`       |
+| `INITIAL_AUTH_INDEX`            | 启动时使用的初始身份验证索引。                       | `0`       |
 | `MAX_RETRIES`                   | 请求失败后的最大重试次数（仅对假流式和非流式生效）。 | `3`       |
 | `RETRY_DELAY`                   | 两次重试之间的间隔（毫秒）。                         | `2000`    |
 | `SWITCH_ON_USES`                | 自动切换帐户前允许的请求次数（设为 0 禁用）。        | `40`      |

main.js

@@ -17,7 +17,7 @@ const ProxyServerSystem = require("./src/core/ProxyServerSystem");
  * Initialize and start the server
  */
 const initializeServer = async () => {
-    const initialAuthIndex = parseInt(process.env.INITIAL_AUTH_INDEX, 10) || 1;
+    const initialAuthIndex = parseInt(process.env.INITIAL_AUTH_INDEX, 10) || 0;
 
     try {
         const serverSystem = new ProxyServerSystem();

scripts/auth/saveAuth.js

@@ -28,6 +28,7 @@ const ensureDirectoryExists = dirPath => {
 
 /**
  * Gets the next available authentication file index from the 'configs/auth' directory.
+ * Uses the same logic as CreateAuth.js: finds the first available index starting from 0.
  * @returns {number} - The next available index value.
  */
 const getNextAuthIndex = () => {
@@ -38,20 +39,12 @@ const getNextAuthIndex = () => {
         return 0;
     }
 
-    const files = fs.readdirSync(directory);
-    const authRegex = /^auth-(\d+)\.json$/;
-
-    let maxIndex = -1;
-    files.forEach(file => {
-        const match = file.match(authRegex);
-        if (match) {
-            const currentIndex = parseInt(match[1], 10);
-            if (currentIndex > maxIndex) {
-                maxIndex = currentIndex;
-            }
-        }
-    });
-    return maxIndex + 1;
+    // Find the first non-existent index starting from 0
+    let nextIndex = 0;
+    while (fs.existsSync(path.join(directory, `auth-${nextIndex}.json`))) {
+        nextIndex++;
+    }
+    return nextIndex;
 };
 
 (async () => {

src/auth/AuthSwitcher.js

@@ -103,7 +103,7 @@ class AuthSwitcher {
             this.logger.info("==================================================");
 
             const failedAccounts = [];
-            // If no current account (currentAuthIndex=0), start from i=0 to try all accounts
+            // If no current account (currentAuthIndex=-1), start from i=0 to try all accounts
             // If has current account, start from i=1 to skip current and try others
             const startOffset = hasCurrentAccount ? 1 : 0;
             const tryCount = hasCurrentAccount ? available.length - 1 : available.length;
@@ -166,7 +166,7 @@ class AuthSwitcher {
                     failedAccounts.push(originalStartAccount);
 
                     // Throw fallback failure error with detailed information
-                    this.currentAuthIndex = 0;
+                    this.currentAuthIndex = -1;
                     throw new Error(
                         `Fallback failed reason: All accounts failed including fallback to #${originalStartAccount}. Failed accounts: [${failedAccounts.join(", ")}]`
                     );
@@ -177,7 +177,7 @@ class AuthSwitcher {
             this.logger.error(
                 `FATAL: All ${available.length} accounts failed! Failed accounts: [${failedAccounts.join(", ")}]`
             );
-            this.currentAuthIndex = 0;
+            this.currentAuthIndex = -1;
             throw new Error(
                 `Switching to account failed: All ${available.length} available accounts failed to initialize. Failed accounts: [${failedAccounts.join(", ")}]`
             );

src/auth/CreateAuth.js

@@ -307,7 +307,7 @@ class CreateAuth {
                 fs.mkdirSync(configDir, { recursive: true });
             }
 
-            let nextAuthIndex = 1;
+            let nextAuthIndex = 0;
             while (fs.existsSync(path.join(configDir, `auth-${nextAuthIndex}.json`))) {
                 nextAuthIndex++;
             }

src/core/BrowserManager.js

@@ -24,8 +24,8 @@ class BrowserManager {
         this.context = null;
         this.page = null;
         // currentAuthIndex is the single source of truth for current account, accessed via getter/setter
-        // 0 means no account is currently active
-        this._currentAuthIndex = 0;
+        // -1 means no account is currently active (invalid/error state)
+        this._currentAuthIndex = -1;
         this.scriptFileName = "build.js";
 
         // Added for background wakeup logic from new core
@@ -530,15 +530,15 @@ class BrowserManager {
     }
 
     async launchOrSwitchContext(authIndex) {
-        if (typeof authIndex !== "number" || authIndex <= 0) {
-            this.logger.error(`[Browser] Invalid authIndex: ${authIndex}. authIndex must be > 0.`);
-            this._currentAuthIndex = 0;
-            throw new Error(`Invalid authIndex: ${authIndex}. Must be > 0.`);
+        if (typeof authIndex !== "number" || authIndex < 0) {
+            this.logger.error(`[Browser] Invalid authIndex: ${authIndex}. authIndex must be >= 0.`);
+            this._currentAuthIndex = -1;
+            throw new Error(`Invalid authIndex: ${authIndex}. Must be >= 0.`);
         }
         if (!this.browser) {
             this.logger.info("🚀 [Browser] Main browser instance not running, performing first-time launch...");
             if (!fs.existsSync(this.browserExecutablePath)) {
-                this._currentAuthIndex = 0;
+                this._currentAuthIndex = -1;
                 throw new Error(`Browser executable not found at path: ${this.browserExecutablePath}`);
             }
             this.browser = await firefox.launch({
@@ -551,8 +551,8 @@ class BrowserManager {
                 this.browser = null;
                 this.context = null;
                 this.page = null;
-                this._currentAuthIndex = 0;
-                this.logger.warn("[Browser] Reset currentAuthIndex to 0 due to unexpected disconnect.");
+                this._currentAuthIndex = -1;
+                this.logger.warn("[Browser] Reset currentAuthIndex to -1 due to unexpected disconnect.");
             });
             this.logger.info("✅ [Browser] Main browser instance successfully launched.");
         }
@@ -851,7 +851,7 @@ class BrowserManager {
         } catch (error) {
             this.logger.error(`❌ [Browser] Account ${authIndex} context initialization failed: ${error.message}`);
             await this.closeBrowser();
-            this._currentAuthIndex = 0;
+            this._currentAuthIndex = -1;
             throw error;
         }
     }
@@ -878,8 +878,8 @@ class BrowserManager {
             this.browser = null;
             this.context = null;
             this.page = null;
-            this._currentAuthIndex = 0;
-            this.logger.info("[Browser] Main browser instance closed, currentAuthIndex reset to 0.");
+            this._currentAuthIndex = -1;
+            this.logger.info("[Browser] Main browser instance closed, currentAuthIndex reset to -1.");
         }
     }
 

src/core/RequestHandler.js

@@ -80,8 +80,8 @@ class RequestHandler {
      * Handle browser recovery when connection is lost
      *
      * Important: isSystemBusy flag management strategy:
-     * - Direct recovery (recoveryAuthIndex > 0): We manually set and reset isSystemBusy
-     * - Switch to next account (recoveryAuthIndex = 0): Let switchToNextAuth() manage isSystemBusy internally
+     * - Direct recovery (recoveryAuthIndex >= 0): We manually set and reset isSystemBusy
+     * - Switch to next account (recoveryAuthIndex = -1): Let switchToNextAuth() manage isSystemBusy internally
      * - This prevents the bug where isSystemBusy is set here, then switchToNextAuth() checks it and returns "already in progress"
      *
      * @returns {boolean} true if recovery successful, false otherwise
@@ -103,12 +103,12 @@ class RequestHandler {
             "❌ [System] Browser WebSocket connection disconnected! Possible process crash. Attempting recovery..."
         );
 
-        const recoveryAuthIndex = this.currentAuthIndex || 0;
+        const recoveryAuthIndex = this.currentAuthIndex;
         let wasDirectRecovery = false;
         let recoverySuccess = false;
 
         try {
-            if (recoveryAuthIndex > 0) {
+            if (recoveryAuthIndex >= 0) {
                 // Direct recovery: we manage isSystemBusy ourselves
                 wasDirectRecovery = true;
                 this.authSwitcher.isSystemBusy = true;