feat: auth capture — interactive browser, CDP header capture, cookie auth

- AuthCaptureDialog: full WS screenshot stream + mouse/keyboard/scroll events
- Backend auth_capture: CDP Network.requestWillBeSent for Authorization headers
- Candidate scoring: confidence 0-95%, preview (masked), auth_headers section
- Upstream form: add 'Cookie' auth type, handle cookie selection
- UpstreamClient: support auth_type=cookie with Cookie header
- No secrets logged at DEBUG or higher

frontend/src/views/Upstreams.vue

@@ -234,6 +234,7 @@
           <el-select v-model="form.auth_type" style="width: 100%">
             <el-option label="无认证" value="none" />
             <el-option label="Bearer Token" value="bearer" />
+            <el-option label="Cookie" value="cookie" />
             <el-option label="API Key" value="api_key" />
             <el-option label="邮箱密码登录" value="login_password" />
           </el-select>
@@ -249,6 +250,17 @@
             </div>
           </el-form-item>
         </template>
+        <template v-else-if="form.auth_type === 'cookie'">
+          <el-form-item label="Cookie">
+            <div class="auth-field-row">
+              <el-input v-model="form.auth_config.cookie_string" type="password" show-password placeholder="name=value; name2=value2" />
+              <el-button size="small" @click="openAuthCapture">
+                <el-icon><Pointer /></el-icon>
+                提取
+              </el-button>
+            </div>
+          </el-form-item>
+        </template>
         <template v-else-if="form.auth_type === 'api_key'">
           <el-form-item label="API Key">
             <el-input v-model="form.auth_config.key" type="password" show-password placeholder="***" />
@@ -446,12 +458,15 @@ function openAuthCapture() {
 
 function handleAuthCaptureSelect(candidate: { type: string; value: string; cookie_name?: string; cookie_value?: string }) {
   if (candidate.type === 'bearer_token') {
+    form.value.auth_type = 'bearer'
     form.value.auth_config.token = candidate.value
   } else if (candidate.type === 'cookie') {
-    // For cookie auth, store as a formatted cookie string
-    form.value.auth_config.token = candidate.value
+    form.value.auth_type = 'cookie'
+    form.value.auth_config.cookie_string = candidate.cookie_name && candidate.cookie_value
+      ? `${candidate.cookie_name}=${candidate.cookie_value}`
+      : candidate.value
   }
-  ElMessage.success('已填入认证信息')
+  ElMessage.success(`已填入${candidate.type === 'cookie' ? 'Cookie' : 'Bearer Token'}认证信息`)
 }
 
 const quickPlatform = ref('sub2api')
@@ -521,7 +536,7 @@ const recentChecks = computed(() =>
 )
 
 const statusLabel = (s: string) => ({ healthy: '健康', unhealthy: '异常', unknown: '未知' }[s] || s)
-const authLabel = (s: string) => ({ none: '无认证', bearer: 'Bearer', api_key: 'API Key', login_password: '邮箱密码' }[s] || s)
+const authLabel = (s: string) => ({ none: '无认证', bearer: 'Bearer', cookie: 'Cookie', api_key: 'API Key', login_password: '邮箱密码' }[s] || s)
 const toUTC = (t: string) => /[Z+\-]\d*$/.test(t.trim()) ? t : `${t}Z`
 const fmtTime = (t: string) => dayjs(toUTC(t)).format('MM-DD HH:mm:ss')
 const fmtTimeFull = (t: string) => dayjs(toUTC(t)).format('YYYY-MM-DD HH:mm:ss')