From dedd2bf5d356ff8d1593cc87dc4c149592a7ea7e Mon Sep 17 00:00:00 2001 From: kang Date: Mon, 11 May 2026 19:16:24 +0800 Subject: [PATCH] Harden provider key env management --- RULES.md | 1 + server/feishu_bridge.py | 1 + 2 files changed, 2 insertions(+) diff --git a/RULES.md b/RULES.md index 1d7cd0e..080a9ba 100644 --- a/RULES.md +++ b/RULES.md @@ -57,6 +57,7 @@ - `HERMES_API_BASE` - `HERMES_API_KEY`(敏感,不入库) - `HERMES_MODEL` + - `OPENROUTER_API_KEY` / `OPENAI_API_KEY` / `ANTHROPIC_API_KEY` 等 Provider Key(敏感,不入库;通过「提供商」页写入服务器环境变量) ## 规则 - 不允许编造不存在的部署域名、账号、密码 diff --git a/server/feishu_bridge.py b/server/feishu_bridge.py index 4d32702..9586ed7 100644 --- a/server/feishu_bridge.py +++ b/server/feishu_bridge.py @@ -1252,6 +1252,7 @@ def handle_provider_keys_delete(path: str, headers: dict[str, str]) -> tuple[int raw_key = urllib.parse.unquote(path[len("/feishu/provider-keys/") :].strip("/")) key = validate_provider_env_key(raw_key) write_env_removals(Config.env_file, {key}) + os.environ.pop(key, None) reload_config_from_env_file() logging.info("removed provider env key %s", key) return 200, {"code": 0, "msg": "ok", "key": {"key": key, "present": False}}