Harden provider key env management
This commit is contained in:
1
RULES.md
1
RULES.md
@@ -57,6 +57,7 @@
|
|||||||
- `HERMES_API_BASE`
|
- `HERMES_API_BASE`
|
||||||
- `HERMES_API_KEY`(敏感,不入库)
|
- `HERMES_API_KEY`(敏感,不入库)
|
||||||
- `HERMES_MODEL`
|
- `HERMES_MODEL`
|
||||||
|
- `OPENROUTER_API_KEY` / `OPENAI_API_KEY` / `ANTHROPIC_API_KEY` 等 Provider Key(敏感,不入库;通过「提供商」页写入服务器环境变量)
|
||||||
|
|
||||||
## 规则
|
## 规则
|
||||||
- 不允许编造不存在的部署域名、账号、密码
|
- 不允许编造不存在的部署域名、账号、密码
|
||||||
|
|||||||
@@ -1252,6 +1252,7 @@ def handle_provider_keys_delete(path: str, headers: dict[str, str]) -> tuple[int
|
|||||||
raw_key = urllib.parse.unquote(path[len("/feishu/provider-keys/") :].strip("/"))
|
raw_key = urllib.parse.unquote(path[len("/feishu/provider-keys/") :].strip("/"))
|
||||||
key = validate_provider_env_key(raw_key)
|
key = validate_provider_env_key(raw_key)
|
||||||
write_env_removals(Config.env_file, {key})
|
write_env_removals(Config.env_file, {key})
|
||||||
|
os.environ.pop(key, None)
|
||||||
reload_config_from_env_file()
|
reload_config_from_env_file()
|
||||||
logging.info("removed provider env key %s", key)
|
logging.info("removed provider env key %s", key)
|
||||||
return 200, {"code": 0, "msg": "ok", "key": {"key": key, "present": False}}
|
return 200, {"code": 0, "msg": "ok", "key": {"key": key, "present": False}}
|
||||||
|
|||||||
Reference in New Issue
Block a user