2929_config_lock = threading .Lock ()
3030
3131class ModelSettingsVO (BaseModel ):
32- """模型设置数据结构"""
32+ """模型设置数据结构 (保持原始字段以兼容历史客户端)
33+ 安全调整: GET 接口中 apiKey 字段现在直接返回掩码后的值,而非明文;。
34+ 这样旧前端仍可显示(只是掩码),避免破坏性变更。
35+ """
3336 modelPlatform : str = Field (..., description = "模型平台: doubao | openai" )
3437 modelId : str = Field (..., description = "VLM模型ID" )
3538 baseUrl : str = Field (..., description = "API基础URL" )
3639 embeddingModelId : str = Field (..., description = "嵌入模型ID" )
37- apiKey : str = Field (..., description = "API密钥" )
40+ apiKey : str = Field (..., description = "API密钥(更新请求需提供; 查询返回为掩码值) " )
3841
3942
4043class GetModelSettingsRequest (BaseModel ):
@@ -43,12 +46,12 @@ class GetModelSettingsRequest(BaseModel):
4346
4447
4548class GetModelSettingsResponse (BaseModel ):
46- """获取模型设置响应"""
49+ """获取模型设置响应 (apiKey 为掩码值) """
4750 config : ModelSettingsVO
4851
4952
5053class UpdateModelSettingsRequest (BaseModel ):
51- """更新模型设置请求"""
54+ """更新模型设置请求 (继续使用原始模型, 接受明文 apiKey) """
5255 config : ModelSettingsVO
5356
5457
@@ -80,13 +83,24 @@ async def get_model_settings(
8083 base_url = vlm_config .get ("base_url" , "" )
8184 platform = vlm_config .get ("provider" , "" )
8285
83- # 构造响应
86+ # 构造响应 - 使用掩码
87+ def _mask_key (raw : str ) -> str :
88+ """对密钥做掩码:保持前4后2,中间替换为***,长度不足时简单处理。
89+ 不在任何情况下回显原始密钥。"""
90+ if not raw :
91+ return ""
92+ if len (raw ) <= 6 :
93+ return raw [0 ] + "***" if len (raw ) > 1 else "***"
94+ return f"{ raw [:4 ]} { raw [- 2 :]}
95+
96+ masked_key = _mask_key (vlm_config .get ("api_key" , "" ))
97+ # 注意:apiKey 字段返回空串以兼容老客户端字段存在性,但不泄露明文
8498 model_settings = ModelSettingsVO (
8599 modelPlatform = platform ,
86100 modelId = vlm_config .get ("model" , "" ),
87101 baseUrl = base_url ,
88102 embeddingModelId = embedding_config .get ("model" , "" ),
89- apiKey = vlm_config . get ( "api_key" , "" )
103+ apiKey = masked_key # 直接使用掩码后的 key,避免泄露明文
90104 )
91105
92106 response = GetModelSettingsResponse (config = model_settings )
0 commit comments