Harden provider key env management

2026-05-11 19:16:24 +08:00
parent c78f112685
commit dedd2bf5d3
2 changed files with 2 additions and 0 deletions
--- a/RULES.md
+++ b/RULES.md
@@ -57,6 +57,7 @@
  - `HERMES_API_BASE`
  - `HERMES_API_KEY`（敏感，不入库）
  - `HERMES_MODEL`
+  - `OPENROUTER_API_KEY` / `OPENAI_API_KEY` / `ANTHROPIC_API_KEY` 等 Provider Key（敏感，不入库；通过「提供商」页写入服务器环境变量）

 ## 规则
 - 不允许编造不存在的部署域名、账号、密码
--- a/server/feishu_bridge.py
+++ b/server/feishu_bridge.py
@@ -1252,6 +1252,7 @@ def handle_provider_keys_delete(path: str, headers: dict[str, str]) -> tuple[int
        raw_key = urllib.parse.unquote(path[len("/feishu/provider-keys/") :].strip("/"))
        key = validate_provider_env_key(raw_key)
        write_env_removals(Config.env_file, {key})
+        os.environ.pop(key, None)
        reload_config_from_env_file()
        logging.info("removed provider env key %s", key)
        return 200, {"code": 0, "msg": "ok", "key": {"key": key, "present": False}}