feat: 控制台文档功能

[yydounai1234]

1.导播台使用指南
2.回源拉流使用指南
3.直播转码使用指南
4.pub转推使用指南
5.api token 鉴权方法

[yydounai1234]

@xgopilot review code

[xgopilot]

Code Review Summary

I've reviewed all 7 changed files in this PR. Here are the issues found:

🔴 Critical Issues

1. 控制台/pub转推.md:29-34 - Broken Image Links

Multiple images use http:// instead of https://, which may cause security warnings in modern browsers:

![服务页面](http://pk0jd2tt5.bkt.clouddn.com/pub1.png)
![新建任务](http://pk0jd2tt5.bkt.clouddn.com/createpub.png)

Recommendation: Use HTTPS URLs for all images.

2. 控制台/回源拉流.md:20,26,31 - Inconsistent Image Protocol

Same issue with HTTP image links in this file.

3. 控制台/导播台.md:13,23,74 - HTTP Image Links

Same security concern with image URLs.

4. 控制台/直播转码.md:13-14,45,60 - HTTP Image Links

Same security concern with image URLs.

⚠️ Content Issues

5. 控制台/pub转推.md:50 - External Link May Break

The link to magic variables documentation may become outdated:

请求参数支持使用[魔法变量](https://developer.qiniu.com/pili/7326/parameters-that-pub)

Note: This links to /pili/ documentation, but the product is migrating to Miku. Consider updating to Miku docs if available.

6. 控制台/导播台.md:4 - Hardcoded Portal URL

The portal URL is hardcoded. Consider if this should be a variable or constant defined once:

portal 导播台地址:  
https://portal.qiniu.com/mikustream/caster  

7. 控制台/导播台.md:67 - External Tutorial Link

导播台使用手册可见:https://studio.cloudvdn.com/tutorial

Consider verifying this link is accessible and won't change.

8. 最佳实践/api请求鉴权.md:32 - Missing Line Break

Line 32 has a formatting note that should be on its own line:

data = <Method> + " " + <Path> + "?" + <RawQuery> + "\nHost: " + <Host> + "\nContent-Type: " + <contentType> + "\n\n" + <bodyStr>

注意:1. 与 中间有一个空格

The note should have better formatting for readability.

📝 Documentation Quality Issues

9. 最佳实践/api请求鉴权.md:63-65 - Incomplete Example Context

The example shows AK/SK values but lacks context:

### 1.5 请求示例
ak = test1
sk = test2
QiniuToken = "Qiniu test1:KI-VgUTKszBmF2b0r3ssQMbnA5Q="

Recommendation: Add a comment clarifying these are example values, not real credentials.

10. 最佳实践/api请求鉴权.md:74 - Orphaned Quote Mark

Line 74 has an empty blockquote:

> 

This should either be removed or completed with content.

11. 控制台/直播转码.md:27 - Incomplete Table Entry

The "关键帧间隔" row in the configuration table has minimal description:

| **关键帧间隔**  | 秒                       | I 帧出现间隔                                                             |

Recommendation: Provide more detailed explanation about GOP (Group of Pictures) and typical values.

✅ Positive Changes

The PR successfully:

• Adds comprehensive console usage guides for 4 major features
• Replaces the old authentication doc (请求鉴权.md) with more detailed API authentication guide
• Improves Pili migration documentation with clearer formatting
• Uses clear tables and structured content
• Provides practical examples and screenshots

📋 Recommendations Summary

1. Security: Convert all HTTP image URLs to HTTPS
2. Maintenance: Verify all external links are stable and accessible
3. Clarity: Add warnings that example credentials are not real
4. Formatting: Fix minor markdown formatting issues (empty blockquotes, line breaks)
5. Completeness: Expand brief technical explanations (GOP/keyframe interval)

---

👉 Want me to re-run this review? Just type /review in the comments! For more usage examples, visit CodeAgent GitHub Repository.

[yydounai1234]

@xgopilot review code

[xgopilot]

Code Review Complete

I've completed a comprehensive review of PR #3 using specialized agents for code quality, performance, documentation accuracy, and security.

Review Summary:

• ✅ Performance: No issues (documentation only)
• ⚠️ Security: 2 critical issues found (hardcoded credentials pattern, weak MD5 hash)
• ⚠️ Documentation: 3 accuracy issues (typo, wrong API example, deprecated link)
• ℹ️ Code Quality: Several organizational improvements recommended

Critical Findings:

1. Typo: bocket → bucket in Pili迁移Miku.md:39
2. Security: Hardcoded test credentials in api请求鉴权.md:63 create dangerous pattern
3. Wrong Example: Go code uses image API instead of MLS API (api请求鉴权.md:103)
4. Deprecated Link: Points to Pili docs instead of Miku (pub转推.md:50)
5. Weak Crypto: MD5 hash for tokens is cryptographically broken (导播台.md:29)

All issues have detailed inline comments with suggested fixes. The documentation structure is solid overall, but these issues should be addressed before merging.

👉 Want me to re-run this review? Just type /review in the comments! For more usage examples, visit CodeAgent GitHub Repository.

[xgopilot]

Security - Weak Crypto: MD5 is cryptographically broken and unsuitable for security tokens. Consider recommending HMAC-SHA256 or JWT-based tokens with proper signing instead. If this is a legacy system, please document migration plans.

[xgopilot]

Code Review Summary

Great work on this comprehensive documentation update! The PR adds valuable console guides and improves API authentication documentation.

Key Strengths:

• Well-structured tables for configuration parameters
• Clear step-by-step guides for console features
• Comprehensive authentication examples with multiple methods

Critical Issues to Address:

• Typo: <bocket> → <bucket> in migration guide
• Deprecated Pili documentation link needs updating
• Security: Consider replacing hardcoded test credentials with placeholders
• Security: MD5 hash for tokens is cryptographically weak

Recommendations:

• Add cross-references between related authentication docs
• Upgrade HTTP image URLs to HTTPS
• Include security best practices section
• Consider creating a navigation index for console docs

All inline comments have been posted on specific lines. No performance issues identified.

[xgopilot]

Code Review Summary

Comprehensive documentation for console features with good structure and examples. However, several security and accuracy issues need attention before merging.

Critical Issues:

• Typo: bocket → bucket in migration guide
• Security: Hardcoded test credentials pattern in API auth guide
• Wrong API endpoint in Go example (uses image API instead of MLS)
• Deprecated Pili documentation link in pub转推
• Weak MD5 hash for token generation (cryptographically broken)

Recommendations:

• Add cross-references between authentication documents
• Use HTTPS for all image CDN links (currently HTTP)
• Add comprehensive security warnings for credential management
• Consider standardizing heading structure across console docs

Performance review found no issues (documentation only). See inline comments for specific fixes.

[xgopilot]

Code Review Summary

Comprehensive documentation for Miku console features. The content is well-structured and informative, but several critical issues need attention:

Critical Issues (Must Fix):

• Typo in WHIP URL format (<bocket> → <bucket>)
• Go signature generation code doesn't match specification for empty body case
• Incomplete URL-safe Base64 encoding (missing padding removal)

Security Concerns:

• HTTP used instead of HTTPS in API examples
• Insufficient credential security warnings
• Consider stronger guidance on password/key strength

Documentation Quality:

• Missing implementation details for director token generation
• Inconsistent table numbering in PUB configuration
• Signature format specification needs concrete examples

Please address the critical issues before merging. Detailed inline comments have been added to specific locations.