feat: 加密并隐藏系统敏感配置

This commit is contained in:
2026-07-10 11:49:21 +08:00
parent aedecb3aab
commit 9fb3dad5bd
7 changed files with 92 additions and 17 deletions

View File

@@ -22,6 +22,7 @@ from app.services.feishu_service import FeishuKnowledgeService
from app.services.knowledge_service import KnowledgeScope
from app.services.model_service import ModelClientService
from app.services.rag_service import RagResult
from app.services.secret_service import MASKED_SECRET, SENSITIVE_CONFIG_KEYS, SecretService
router = APIRouter()
@@ -110,7 +111,7 @@ def create_model(
model_name=payload.modelName,
base_url=payload.baseUrl,
api_url=payload.apiUrl,
api_key=payload.apiKey,
api_key=SecretService.encrypt(payload.apiKey),
auth_type=payload.authType,
api_version=payload.apiVersion,
temperature=payload.temperature,
@@ -152,8 +153,8 @@ def update_model(
model.model_name = payload.modelName
model.base_url = payload.baseUrl
model.api_url = payload.apiUrl
if payload.apiKey:
model.api_key = payload.apiKey
if payload.apiKey and payload.apiKey != MASKED_SECRET:
model.api_key = SecretService.encrypt(payload.apiKey)
model.auth_type = payload.authType
model.api_version = payload.apiVersion
model.temperature = payload.temperature
@@ -237,7 +238,12 @@ def save_config(
config = db.scalar(select(SystemConfig).where(SystemConfig.config_key == payload.configKey))
if config is None:
config = SystemConfig(config_key=payload.configKey, config_value=payload.configValue)
config.config_value = payload.configValue
if payload.configKey in SENSITIVE_CONFIG_KEYS:
if payload.configValue == MASKED_SECRET:
return api_success(_config_dict(config))
config.config_value = SecretService.encrypt(payload.configValue)
else:
config.config_value = payload.configValue
config.description = payload.description
config.updated_by = current_admin.id
db.add(config)
@@ -257,7 +263,7 @@ def _model_dict(model: ModelConfig) -> dict:
"modelName": model.model_name,
"baseUrl": model.base_url,
"apiUrl": model.api_url,
"apiKeyMasked": "******" if model.api_key else "",
"apiKeyMasked": SecretService.masked(model.api_key),
"authType": model.auth_type,
"apiVersion": model.api_version,
"temperature": float(model.temperature) if model.temperature is not None else None,
@@ -309,10 +315,13 @@ def clear_feishu_cache(current_admin: Admin = Depends(get_current_admin)) -> dic
def _config_dict(config: SystemConfig) -> dict:
value = config.config_value
if config.config_key in SENSITIVE_CONFIG_KEYS:
value = SecretService.masked(value)
return {
"id": config.id,
"configKey": config.config_key,
"configValue": config.config_value,
"configValue": value,
"description": config.description,
"updatedAt": config.updated_at,
}